CVE-2020-9528 Information

Description

Firmware developed by Shenzhen Hichip Vision Technology (V6 through V20) as used by many different vendors in millions of Internet of Things devices suffers from cryptographic issues that allow remote attackers to access user session data as demonstrated by eavesdropping on user video/audio streams capturing credentials and compromising devices. This affects products marketed under the following brand names: Accfly Alptop Anlink Besdersec BOAVISION COOAU CPVAN Ctronics D3D Security Dericam Elex System Elite Security ENSTER ePGes Escam FLOUREON GENBOLT Hongjingtian (HJT) ICAMI Iegeek Jecurity Jennov KKMoon LEFTEK Loosafe Luowice Nesuniq Nettoly ProElite QZT Royallite SDETER SV3C SY2L Tenvis ThinkValue TOMLOV TPTEK WGCC and ZILINK.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Reference

https://hacked.camera/ https://redprocyon.com

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

NONE

Base Score

NONE

Base Severity

7.5