Impersonation Vulnerability in ThroughTek's Kalay Platform 2.0 Allows Hijacking of TUTK Devices

Impersonation Vulnerability in ThroughTek's Kalay Platform 2.0 Allows Hijacking of TUTK Devices

CVE-2021-28372 · HIGH Severity

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

ThroughTek's Kalay Platform 2.0 network allows an attacker to impersonate an arbitrary ThroughTek (TUTK) device given a valid 20-byte uniquely assigned identifier (UID). This could result in an attacker hijacking a victim's connection and forcing them into supplying credentials needed to access the victim TUTK device.

Learn more about our Network Penetration Testing.