6.5
CVE-2023-6323
- EPSS 0.33%
- Veröffentlicht 15.05.2024 13:15:25
- Zuletzt bearbeitet 11.02.2025 21:32:45
- Quelle cve-requests@bitdefender.com
- CVE-Watchlists
- Unerledigt
LoginThroughTek Kalay SDK insufficient verification of message authenticity
ThroughTek Kalay SDK does not verify the authenticity of received messages, allowing an attacker to impersonate an authoritative server.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Wyze ≫ Cam V3 Firmware Version4.36.11.5859
Roku ≫ Indoor Camera Se Firmware Version3.0.2.4679
Owletcare ≫ Cam Firmware Version < 4.2.11
Owletcare ≫ Cam 2 Firmware Version < 4.2.10
Throughtek ≫ Kalay Platform Version-
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.33% | 0.243 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
| cve-requests@bitdefender.com | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
CWE-345 Insufficient Verification of Data Authenticity
The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.
https://bitdefender.com/blog/labs/notes-on-throughtek-kalay-vulnerabilities-and-their-impact/