{"containers": {"cna": {"affected": [{"product": "P2P SDK", "vendor": "ThroughTek", "versions": [{"status": "affected", "version": "all with nossl tag"}, {"status": "unaffected", "version": "firmware using AuthKey for IOTC connection"}, {"status": "affected", "version": "firmware using AVAPI module without enabling DTLS mechanism"}, {"status": "affected", "version": "firmware using P2PTunnel or RDT module"}, {"lessThanOrEqual": "3.1.5", "status": "affected", "version": "All", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Nozomi Networks reported this vulnerability to CISA."}], "descriptions": [{"lang": "en", "value": "The affected ThroughTek P2P products (SDKs using versions before 3.1.5, any versions with nossl tag, device firmware not using AuthKey for IOTC conneciton, firmware using AVAPI module without enabling DTLS mechanism, and firmware using P2PTunnel or RDT module) do not sufficiently protect data transferred between the local device and ThroughTek servers. This can allow an attacker to access sensitive information, such as camera feeds."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-319", "description": "CWE-319 Cleartext Transmission of Sensitive Information", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-05-19T17:20:06.000Z", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-166-01"}], "source": {"advisory": "ICSA-21-166-01", "discovery": "UNKNOWN"}, "title": "ThroughTek P2P SDK - Cleartext Transmission of Sensitive Information", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2021-32934", "STATE": "PUBLIC", "TITLE": "ThroughTek P2P SDK - Cleartext Transmission of Sensitive Information"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "P2P SDK", "version": {"version_data": [{"version_affected": "<=", "version_name": "All", "version_value": "3.1.5"}, {"version_affected": "=", "version_value": "all with nossl tag"}, {"version_affected": "!", "version_value": "firmware using AuthKey for IOTC connection"}, {"version_affected": "=", "version_value": "firmware using AVAPI module without enabling DTLS mechanism"}, {"version_affected": "=", "version_value": "firmware using P2PTunnel or RDT module"}]}}]}, "vendor_name": "ThroughTek"}]}}, "credit": [{"lang": "eng", "value": "Nozomi Networks reported this vulnerability to CISA."}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The affected ThroughTek P2P products (SDKs using versions before 3.1.5, any versions with nossl tag, device firmware not using AuthKey for IOTC conneciton, firmware using AVAPI module without enabling DTLS mechanism, and firmware using P2PTunnel or RDT module) do not sufficiently protect data transferred between the local device and ThroughTek servers. This can allow an attacker to access sensitive information, such as camera feeds."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-319 Cleartext Transmission of Sensitive Information"}]}]}, "references": {"reference_data": [{"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-166-01", "refsource": "MISC", "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-166-01"}]}, "source": {"advisory": "ICSA-21-166-01", "discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T23:33:56.086Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-166-01"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-16T15:54:43.160260Z", "id": "CVE-2021-32934", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-16T16:19:34.297Z"}}]}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2021-32934", "datePublished": "2022-05-19T17:20:06.000Z", "dateReserved": "2021-05-13T00:00:00.000Z", "dateUpdated": "2025-04-16T16:19:34.297Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-166-01", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T23:33:56.086Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2021-32934", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-04-16T15:54:43.160260Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-16T15:54:45.041Z"}}], "cna": {"title": "ThroughTek P2P SDK - Cleartext Transmission of Sensitive Information", "source": {"advisory": "ICSA-21-166-01", "discovery": "UNKNOWN"}, "credits": [{"lang": "en", "value": "Nozomi Networks reported this vulnerability to CISA."}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "ThroughTek", "product": "P2P SDK", "versions": [{"status": "affected", "version": "all with nossl tag"}, {"status": "unaffected", "version": "firmware using AuthKey for IOTC connection"}, {"status": "affected", "version": "firmware using AVAPI module without enabling DTLS mechanism"}, {"status": "affected", "version": "firmware using P2PTunnel or RDT module"}, {"status": "affected", "version": "All", "versionType": "custom", "lessThanOrEqual": "3.1.5"}]}], "references": [{"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-166-01", "tags": ["x_refsource_MISC"]}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "descriptions": [{"lang": "en", "value": "The affected ThroughTek P2P products (SDKs using versions before 3.1.5, any versions with nossl tag, device firmware not using AuthKey for IOTC conneciton, firmware using AVAPI module without enabling DTLS mechanism, and firmware using P2PTunnel or RDT module) do not sufficiently protect data transferred between the local device and ThroughTek servers. This can allow an attacker to access sensitive information, such as camera feeds."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-319", "description": "CWE-319 Cleartext Transmission of Sensitive Information"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2022-05-19T17:20:06.000Z"}, "x_legacyV4Record": {"credit": [{"lang": "eng", "value": "Nozomi Networks reported this vulnerability to CISA."}], "impact": {"cvss": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, "source": {"advisory": "ICSA-21-166-01", "discovery": "UNKNOWN"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_name": "All", "version_value": "3.1.5", "version_affected": "<="}, {"version_value": "all with nossl tag", "version_affected": "="}, {"version_value": "firmware using AuthKey for IOTC connection", "version_affected": "!"}, {"version_value": "firmware using AVAPI module without enabling DTLS mechanism", "version_affected": "="}, {"version_value": "firmware using P2PTunnel or RDT module", "version_affected": "="}]}, "product_name": "P2P SDK"}]}, "vendor_name": "ThroughTek"}]}}, "data_type": "CVE", "generator": {"engine": "Vulnogram 0.0.9"}, "references": {"reference_data": [{"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-166-01", "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-166-01", "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "The affected ThroughTek P2P products (SDKs using versions before 3.1.5, any versions with nossl tag, device firmware not using AuthKey for IOTC conneciton, firmware using AVAPI module without enabling DTLS mechanism, and firmware using P2PTunnel or RDT module) do not sufficiently protect data transferred between the local device and ThroughTek servers. This can allow an attacker to access sensitive information, such as camera feeds."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-319 Cleartext Transmission of Sensitive Information"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2021-32934", "STATE": "PUBLIC", "TITLE": "ThroughTek P2P SDK - Cleartext Transmission of Sensitive Information", "ASSIGNER": "ics-cert@hq.dhs.gov"}}}}, "cveMetadata": {"cveId": "CVE-2021-32934", "state": "PUBLISHED", "dateUpdated": "2025-04-16T16:19:34.297Z", "dateReserved": "2021-05-13T00:00:00.000Z", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "datePublished": "2022-05-19T17:20:06.000Z", "assignerShortName": "icscert"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:throughtek:kalay_p2p_software_development_kit:*:*:*:*:*:*:*:*", "matchCriteriaId": "C57DEF3D-1F13-4F99-BC33-883D0C955EC4", "versionEndIncluding": "3.1.5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The affected ThroughTek P2P products (SDKs using versions before 3.1.5, any versions with nossl tag, device firmware not using AuthKey for IOTC conneciton, firmware using AVAPI module without enabling DTLS mechanism, and firmware using P2PTunnel or RDT module) do not sufficiently protect data transferred between the local device and ThroughTek servers. This can allow an attacker to access sensitive information, such as camera feeds."}, {"lang": "es", "value": "Los productos P2P de ThroughTek afectados (SDKs que usan versiones anteriores a 3.1.5, cualquier versi\u00f3n con la etiqueta nossl, el firmware del dispositivo que no usa AuthKey para la conexi\u00f3n IOTC, el firmware que usa el m\u00f3dulo AVAPI sin activar el mecanismo DTLS, y el firmware que usa el m\u00f3dulo P2PTunnel o RDT) no protegen suficientemente los datos transferidos entre el dispositivo local y los servidores de ThroughTek. Esto puede permitir a un atacante acceder a informaci\u00f3n confidencial, como la alimentaci\u00f3n de la c\u00e1mara"}], "id": "CVE-2021-32934", "lastModified": "2024-11-21T06:07:57.467", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-05-19T18:15:09.237", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-166-01"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-166-01"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-319"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}

{}

{}