RSI Video Technologies' Videofied security system uses software named Frontel to monitor alarm status. Frontel uses an insecure custom protocol to communicate with its Frontel server.
Frontel uses a custom protocol running on TCP port 888. The protocol performs an authentication handshake using AES-128 and a pre-shared key, and then sends data.
CWE-321: Use of Hard-coded Cryptographic Key - CVE-2015-8252
A remote unauthenticated attacker may be able to spoof messages to manipulate and snoop on data, including video.
Apply an update
Thanks to Andrew Tierney for reporting this vulnerability.