The security issue impacts products from various manufacturers that provide video and surveillance solutions, as well as home automation IoT systems, which are all connected via ThroughTek’s Kalay IoT cloud platform.
American cybersecurity firm Mandiant revealed the CVE-2021-28372 bug after reporting it to the Cybersecurity and Infrastructure Security Agency (CISA).
Because the Kalay platform is used by devices from a large number of manufacturers, it is difficult to create a list with the affected brands. Mandiant were unable to determine how many devices are affected, but they warned that more than 83 million users are currently using Kalay. more
An adversary would be able to remotely compromise an IoT device by
exploiting the flaw and could compromise device credentials, watch
real-time video data, and listen to live audio. more
