Vulnerability Note VU#792004
RSI Video Technologies Videofied security system Frontel software uses an insecure custom protocol
RSI Video Technologies' Videofied security system uses a software named Frontel to monitor alarm status. Frontel uses an insecure custom protocol to communicate with its Frontel server.
Frontel uses a custom protocol running on TCP port 888. The protocol performs an authentication handshake using AES-128 and a pre-shared key, and then sends data.
CWE-321: Use of Hard-coded Cryptographic Key - CVE-2015-8252
A remote unauthenticated attacker may be able to spoof messages to manipulate and snoop on data, including video.
Apply an update
Vendor Information (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|RSI Video Technologies||Affected||06 Aug 2015||30 Nov 2015|
CVSS Metrics (Learn More)
Thanks to Andrew Tierney for reporting this vulnerability.
This document was written by Garret Wassermann.
- CVE IDs: CVE-2015-8252 CVE-2015-8253 CVE-2015-8254
- Date Public: 30 Nov 2015
- Date First Published: 30 Nov 2015
- Date Last Updated: 30 Nov 2015
- Document Revision: 43
If you have feedback, comments, or additional information about this vulnerability, please send us email.