CVE-2020-9525

HIGH

Cs2-network P2p < 3.0.3a - Information Disclosure

Title source: rule

Description

CS2 Network P2P through 3.x, as used in millions of Internet of Things devices, suffers from an authentication flaw that allows remote attackers to perform a man-in-the-middle attack, as demonstrated by eavesdropping on user video/audio streams, capturing credentials, and compromising devices.

References (2)

[Third Party Advisory] https://hacked.camera

[Third Party Advisory] https://redprocyon.com

Scores

CVSS v3 8.1

EPSS 0.0072

EPSS Percentile 72.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-522 CWE-200

Status published

Affected Products (1)

cs2-network/p2p < 3.0.3a

Timeline

Published Aug 10, 2020

Tracked Since Feb 18, 2026