Vulnerability Details : CVE-2020-9526
CS2 Network P2P through 3.x, as used in millions of Internet of Things devices, suffers from an information exposure flaw that exposes user session data to supernodes in the network, as demonstrated by passively eavesdropping on user video/audio streams, capturing credentials, and compromising devices.
Exploit prediction scoring system (EPSS) score for CVE-2020-9526
Probability of exploitation activity in the next 30 days: 0.15%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 50 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2020-9526
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N |
8.6
|
2.9
|
NIST |
5.9
|
MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |
2.2
|
3.6
|
NIST |
CWE ids for CVE-2020-9526
-
The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.Assigned by: nvd@nist.gov (Primary)
-
The product uses a broken or risky cryptographic algorithm or protocol.Assigned by: nvd@nist.gov (Primary)
References for CVE-2020-9526
-
https://redprocyon.com
Security cameras vulnerable to hijackingThird Party Advisory
-
https://hacked.camera/
Security cameras vulnerable to hijackingThird Party Advisory
Products affected by CVE-2020-9526
- cpe:2.3:a:cs2-network:p2p:*:*:*:*:*:*:*:*