A remote attacker could exploit a critical vulnerability to eavesdrop on live audio & video or take control. The bug is in ThroughTeks Kalay network, used in 83m devices. The flaw, tracked as CVE-2021-28372 and FEYE-20 21-0020 and assigned a critical CVSS3.1 base score of 9.6, was found in devices connected via the Kalay IoT cloud platform. It’s impossible to compile a comprehensive list of companies and products affected.”]
Source: https://threatpost.com/bug-iot-millions-devices-attackers-eavesdrop/168729/