8.3
CVE-2021-28372
- EPSS 0.92%
- Veröffentlicht 17.08.2021 22:15:08
- Zuletzt bearbeitet 21.11.2024 05:59:36
- Quelle cve@mitre.org
- Teams Watchlist Login
- Unerledigt Login
ThroughTek's Kalay Platform 2.0 network allows an attacker to impersonate an arbitrary ThroughTek (TUTK) device given a valid 20-byte uniquely assigned identifier (UID). This could result in an attacker hijacking a victim's connection and forcing them into supplying credentials needed to access the victim TUTK device.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Throughtek ≫ Kalay P2p Software Development Kit Version < 3.1.10
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
Typ | Quelle | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.92% | 0.749 |
Quelle | Base Score | Exploit Score | Impact Score | Vector String |
---|---|---|---|---|
nvd@nist.gov | 8.3 | 1.6 | 6 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
|
nvd@nist.gov | 7.6 | 4.9 | 10 |
AV:N/AC:H/Au:N/C:C/I:C/A:C
|
CWE-290 Authentication Bypass by Spoofing
This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.