PT-2024-10737 · Tk Star+5 · Tk-Star Nan+6

Jasper Nota +2 · Published 2024-11-07 · Updated 2024-11-11 · CVE-2019-20461

CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Alecto IVM-100 2019-11-12
Tk-star nan (affected versions not specified)
Svakom Nan (affected versions not specified)
Alecto nan (affected versions not specified)
Loven nan (affected versions not specified)
Sannce products (affected versions not specified)
Brother printers (affected versions not specified)

Description

An issue was discovered in the custom UDP protocol used by the devices to start and control video and audio services. The protocol has been partially reverse engineered, revealing that no password or username is transferred over this protocol. As a result, it is possible to set up sessions with the device over the Internet using the encoded UID, since authentication happens at the client side.

Recommendations

For Alecto IVM-100 2019-11-12, consider disabling the custom UDP protocol until a patch is available.
For Tk-star nan, update to the latest version immediately to mitigate risks.
For Svakom Nan, update to the latest version immediately to mitigate risks.
For Alecto nan, update to the latest release to mitigate risks.
For Loven nan, update to the latest version to mitigate potential threats.
For Sannce products, update to the latest firmware and follow security best practices.
For Brother printers, update to the latest firmware provided by Brother to mitigate risks.

At the moment, there is no information about a newer version that contains a fix for this vulnerability for some of the affected products.

Weakness Enumeration

Improper Certificate Validation

Related Identifiers

CVE-2019-20461

Affected Products

Alecto Ivm-100
Alecto Nan
Brother Printers
Loven Nan
Sannce Products
Svakom Nan
Tk-Star Nan