The vulnerabilities were discovered by researchers at industrial and IoT cybersecurity firm Claroty. The company — along with CISA and CERT/CC — has attempted to report the findings to the vendor over the past year, but without success, and the security holes remain unpatched.
Claroty this week disclosed technical details of its findings and CISA has also published an advisory.
The security firm started analyzing Akuvox’s E11 product after finding it in a new office space it moved into last year. The E11 is advertised as a video doorphone designed for homes, villas, offices, and warehouses. It includes live video streaming, motion detection, and access control capabilities. According to CISA, the affected product has been used worldwide.