MidnightBSD

Advisories for rsi_video_technologies

CVE-2015-8252 MEDIUM

The Frontel protocol before 3 on RSI Video Technologies Videofied devices sends a cleartext serial number, which allows remote attackers to determine a hardcoded key by sniffing the network and performing a "jumbled up" calculation with this number.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
rsi_video_technologies frontel_protocol *
CVE-2015-8253 MEDIUM

The Frontel protocol before 3 on RSI Video Technologies Videofied devices sets up AES encryption but sends all traffic in cleartext, which allows remote attackers to obtain sensitive (1) message or (2) MJPEG video data by sniffing the network.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
rsi_video_technologies frontel_protocol *
CVE-2015-8254 MEDIUM

The Frontel protocol before 3 on RSI Video Technologies Videofied devices does not use integrity protection, which makes it easier for man-in-the-middle attackers to (1) initiate a false alarm or (2) deactivate an alarm by modifying the client-server data stream.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-345,

Products Affected

Vendor Product Version
rsi_video_technologies frontel_protocol *