This article has been indexed from Help Net Security
A vulnerability (CVE-2021-28372) in the SDK that allows IoT devices to use ThroughTek’s Kalay P2P cloud platform could be exploited to remotely compromise and control them, Mandiant researchers have discovered. Further attacks are possible depending on the functionality exposed by a device. “Due to how the Kalay protocol is integrated by original equipment manufacturers (OEMs) and resellers before devices reach consumers, Mandiant is unable to determine a complete list of products and companies affected by … More
The post Critical bug allows remote compromise, control of millions of IoT devices (CVE-2021-28372) appeared first on Help Net Security.
Read the original article: Critical bug allows remote compromise, control of millions of IoT devices (CVE-2021-28372)