Kaizheng

Name of the Vulnerable Software and Affected Versions: Victor Zsviot Camera version 8.26.31 Description: A vulnerability has been found in the MQTT Packet Handler component of the Victor Zsviot Camera, which can be exploited remotely and leads to denial of service. The exploit has been disclosed to the public and may be used. The vendor was contacted about this disclosure but did not respond. Recommendations: For version 8.26.31, as a temporary workaround, consider disabling the MQTT Packet Handler component until a patch is available. Restrict access to the camera's network to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Hualai Xiaofang iSC5 version 3.2.2 112 **Description** A vulnerability was found in the software, classified as problematic, affecting some unknown functionality. The manipulation leads to improper certificate validation. The attack may be launched remotely. The complexity of an attack is rather high, and the exploitation is known to be difficult. **Recommendations** For version 3.2.2 112, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** EZVIZ CS-C6-21WFR-8 version 5.2.7 Build 170628 **Description** A vulnerability was found in the Davinci Application component, leading to improper certificate validation. The manipulation can be initiated remotely, with a rather high complexity of attack and difficult exploitability. **Recommendations** For EZVIZ CS-C6-21WFR-8 version 5.2.7 Build 170628, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tuya SDK versions up to 5.0.x **Description** A vulnerability has been found in the MQTT Packet Handler component, which can lead to denial of service. The attack can be launched remotely, but the vendor notes that a malicious actor would have to crack TLS first or use a legitimate login to initiate the attack. The real existence of this vulnerability is still doubted at the moment. **Recommendations** For Tuya SDK versions up to 5.0.x, upgrade to version 5.1.0 to address this issue. As a temporary workaround, consider restricting access to the MQTT Packet Handler component until a patch is available.