CVE-2015-8252

MEDIUM

Frontel <3 - Info Disclosure

Title source: llm

Description

The Frontel protocol before 3 on RSI Video Technologies Videofied devices sends a cleartext serial number, which allows remote attackers to determine a hardcoded key by sniffing the network and performing a "jumbled up" calculation with this number.

References (2)

[Exploit] http://cybergibbons.com/alarms-2/multiple-serious-vulnerabilities-in-rsi-videofieds-alarm-protocol/

[Third Party Advisory, US Government Resource] https://www.kb.cert.org/vuls/id/792004

Scores

CVSS v3 5.9

EPSS 0.0059

EPSS Percentile 68.7%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-200

Status draft

Affected Products (1)

rsi_video_technologies/frontel_protocol < 2.0

Timeline

Published Dec 27, 2015

Tracked Since Feb 18, 2026