PT-2021-19981 · Throughtek · Throughtek P2P

Published: 2021-06-16 · Updated: 2022-06-06 · CVE-2021-32934

CVSS v3.1: 9.1 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions

ThroughTek P2P products versions prior to 3.1.5
ThroughTek P2P products with nossl tag
ThroughTek P2P products with device firmware not using AuthKey for IOTC connection
ThroughTek P2P products with firmware using AVAPI module without enabling DTLS mechanism
ThroughTek P2P products with firmware using P2PTunnel or RDT module

Description

The affected ThroughTek P2P products do not sufficiently protect data transferred between the local device and ThroughTek servers. This can allow an attacker to access sensitive information, such as camera feeds.

Recommendations

For ThroughTek P2P products versions prior to 3.1.5, update to version 3.1.5 or later.
For ThroughTek P2P products with nossl tag, remove the nossl tag and enable SSL.
For ThroughTek P2P products with device firmware not using AuthKey for IOTC connection, enable AuthKey for IOTC connection.
For ThroughTek P2P products with firmware using AVAPI module without enabling DTLS mechanism, enable DTLS mechanism for the AVAPI module.
For ThroughTek P2P products with firmware using P2PTunnel or RDT module, consider disabling the P2PTunnel or RDT module until a patch is available.

Fix

Cleartext Transmission of Sensitive Information

Weakness Enumeration

Related Identifiers

CVE-2021-32934

Affected Products

Throughtek P2P