PT-2024-5067
Author: Alexandru Lazar
Published: 2024-05-15 · Updated: 2024-05-17
CVE-2023-6324
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: ThroughTek Kalay SDK versions used in Owlet Cam v1, Owlet Cam v2, Wyze Cam v3, and Roku Indoor Camera SE
Description: The Kalay SDK uses uninitialized variables, which a remote attacker can exploit to disclose protected information. In addition, the SDK uses a predictable PSK value for the DTLS session when it encounters an unexpected PSK identity.
Recommendations: For ThroughTek Kalay SDK versions used in Owlet Cam v1, Owlet Cam v2, Wyze Cam v3, and Roku Indoor Camera SE, consider disabling the use of DTLS sessions with unpredictable PSK identities until a patch is available. As a temporary workaround, restrict network access to the affected devices to reduce the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration
Use of Uninitialized Resource

Related Identifiers
BDU:2024-05594
CVE-2023-6324

Affected Products
Owlet Cam V1
Owlet Cam V2
Roku Indoor Camera SE
ThroughTek Kalay SDK
Wyze Cam V3