The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday issued an advisory regarding a critical software supply-chain flaw impacting ThroughTek’s software development kit (SDK) that could be abused by an adversary to gain improper access to audio and video streams.
“Successful exploitation of this vulnerability could permit unauthorized access to sensitive information, such as camera audio/video feeds,” CISA said in the alert.
ThroughTek’s point-to-point (P2P) SDK is widely used by IoT devices with video surveillance or audio/video transmission capability such as IP cameras, baby and pet monitoring cameras, smart home appliances, and sensors to provide remote access to the media content over the internet.
SOURCE: https://thehackernews.com/2021/06/critical-throughtek-flaw-opens-millions.html