Paul Marrapese

#11150of 53,633
24.7Total CVSS
Vulnerabilities · 4
Medium
3
High
1
PT-2020-20715
8.1
2020-08-10
Cs2 · Cs2 Network P2P · CVE-2020-9525
**Name of the Vulnerable Software and Affected Versions** CS2 Network P2P versions 2.x through 3.x **Description** The issue allows remote attackers to perform a man-in-the-middle attack, enabling them to eavesdrop on user video/audio streams, capture credentials, and compromise devices. This affects millions of Internet of Things devices. **Recommendations** For versions 2.x through 3.x, as a temporary workaround, consider restricting access to sensitive data and disabling any features that rely on the vulnerable authentication mechanism until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2020-20716
5.9
2020-08-10
Cs2 · Cs2 Network P2P · CVE-2020-9526
**Name of the Vulnerable Software and Affected Versions** CS2 Network P2P versions 2.x through 3.x **Description** The issue affects millions of Internet of Things devices, causing an information exposure flaw that compromises user session data. This is done by exposing data to supernodes in the network. As a result, it is possible to passively eavesdrop on user video/audio streams, capture credentials, and compromise devices. **Recommendations** For versions 2.x through 3.x, consider restricting access to the supernodes in the network to minimize the risk of exploitation. Avoid using sensitive information over the affected network until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2019-12195
6.4
2019-04-26
Shenzhen Yunni Technology · Ilnkp2P · CVE-2019-11219
**Name of the Vulnerable Software and Affected Versions** Shenzhen Yunni Technology iLnkP2P (affected versions not specified) **Description** The algorithm used to generate device IDs (UIDs) for devices that utilize iLnkP2P suffers from a predictability flaw, allowing remote attackers to establish direct connections to arbitrary devices. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2019-12196
4.3
2019-04-26
Shenzhen Yunni Technology · Ilnkp2P · CVE-2019-11220
**Name of the Vulnerable Software and Affected Versions** Shenzhen Yunni Technology iLnkP2P (affected versions not specified) **Description** The issue is related to an authentication flaw that allows remote attackers to intercept user-to-device traffic in cleartext. This includes video streams and device credentials. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.