The Frontel protocol before 3 on RSI Video Technologies Videofied devices does not use integrity protection, which makes it easier for man-in-the-middle attackers to (1) initiate a false alarm or (2) deactivate an alarm by modifying the client-server data stream.
References
Link | Resource |
---|---|
http://cybergibbons.com/alarms-2/multiple-serious-vulnerabilities-in-rsi-videofieds-alarm-protocol/ | Exploit |
https://www.kb.cert.org/vuls/id/792004 | Third Party Advisory US Government Resource |
Configurations
History
No history.
Information
Published : 2015-12-27 03:59
Updated : 2024-02-28 15:21
NVD link : CVE-2015-8254
Mitre link : CVE-2015-8254
CVE.ORG link : CVE-2015-8254
JSON object : View
Products Affected
rsi_video_technologies
- frontel_protocol
CWE
CWE-345
Insufficient Verification of Data Authenticity