Authored by Calvin Star, Austin Henderson, Nolia Red

The RoomCast TA-2400, versions 1.0-3.1+, has multiple critical security vulnerabilities, including clear-text storage of sensitive information within executables, improper access control, improper privilege management, and the use of hard-coded passwords. Uniting these vulnerabilities paves the way for a complete compromise of the device and, in turn, exposes clients to direct threats from those exploiting the compromised unit.

advisories | CVE-2023-33742, CVE-2023-33743, CVE-2023-33744, CVE-2023-33745