All devices from Xiongmai, a Chinese manufacturer of white-label video surveillance equipment, come with an always-on cloud feature called XMEye P2P cloud. This feature contains serious vulnerabilities that allow attacks on millions of devices, even ones that are behind firewalls. The SEC Consult Vulnerability Lab is using the results to improve the automated analysis by IoT Inspector. The P2P Cloud feature allows remote connections into private networks and effectively allows attackers to attack devices that have been intentionally exposed.”]