CVE-2019-20461

Published: Nov 7, 2024

Modified: Nov 4, 2025

PUBLISHED

Description

An issue was discovered on Alecto IVM-100 2019-11-12 devices. The device uses a custom UDP protocol to start and control video and audio services. The protocol has been partially reverse engineered. Based upon the reverse engineering, no password or username is ever transferred over this protocol. Thus, one can set up the camera connection feed with only the encoded UID. It is possible to set up sessions with the camera over the Internet by using the encoded UID and the custom UDP protocol, because authentication happens at the client side.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://www.alecto.nl

20240729 Bunch of IoT CVEs

mailing-list

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2019-20461

Description

Affected Products

References