CVE-2020-9528

Name of the Vulnerable Software and Affected Versions Firmware developed by Shenzhen Hichip Vision Technology versions V6 through V20

Description The firmware suffers from cryptographic issues, allowing remote attackers to access user session data. This can be demonstrated by eavesdropping on user video/audio streams, capturing credentials, and compromising devices. Millions of Internet of Things devices from various vendors are potentially affected, including products marketed under multiple brand names.

Recommendations For versions V6 through V20, consider disabling remote access to the device until a patch is available. Restrict access to sensitive data and avoid using the device for critical applications until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.