CVE-2023-6323 – CVE-2023-6323 is an authentication bypass vulne... (How to Fix)

Q: What is the severity of CVE-2023-6323?

CVE-2023-6323 has a CVSS score of 4.3 (MEDIUM). CVE-2023-6323 is an authentication bypass vulnerability in ThroughTek Kalay SDK where message authenticity isn't verified, allowing attackers to impersonate legitimate servers. This affects IoT devices, cameras, and smart home products using the vulnerable SDK. Attackers could intercept or manipulate device communications.

📋 TL;DR

CVE-2023-6323 is an authentication bypass vulnerability in ThroughTek Kalay SDK where message authenticity isn't verified, allowing attackers to impersonate legitimate servers. This affects IoT devices, cameras, and smart home products using the vulnerable SDK. Attackers could intercept or manipulate device communications.

💻 Affected Systems

Products:

ThroughTek Kalay SDK
IoT devices using Kalay SDK
Smart cameras
Smart home devices

Versions: Multiple versions prior to fixes (specific versions not detailed in references)

Operating Systems: Embedded Linux, RTOS, Various IoT platforms

Default Config Vulnerable: ⚠️ Yes

Notes: Affects any device using vulnerable Kalay SDK versions; exact version ranges depend on manufacturer implementation

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of affected IoT devices allowing data exfiltration, device takeover, or lateral movement into connected networks

🟠

Likely Case

Unauthorized access to device feeds, manipulation of device functionality, or denial of service

🟢

If Mitigated

Limited impact if devices are isolated in segmented networks with strict firewall rules

🌐 Internet-Facing: HIGH - IoT devices often exposed directly to internet with minimal protection

🏢 Internal Only: MEDIUM - Risk exists but requires internal network access; still concerning for IoT device integrity

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploitation requires network access to vulnerable devices; no authentication needed to initiate attack

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: ThroughTek has released updated SDK versions; check with device manufacturers for specific patched versions

Vendor Advisory: https://www.throughtek.com/kalay_platform.html

Restart Required: Yes

Instructions:

1. Contact device manufacturer for firmware updates 2. Apply manufacturer-provided patches 3. Restart affected devices 4. Verify communication integrity

🔧 Temporary Workarounds

Network Segmentation

all

Isolate IoT devices in separate VLANs with strict firewall rules

Access Control Lists

all

Restrict network access to Kalay devices from trusted sources only

🧯 If You Can't Patch

Segment IoT network from critical infrastructure
Monitor network traffic for unusual Kalay protocol patterns

🔍 How to Verify

Check if Vulnerable:

Check device firmware version against manufacturer advisories; monitor for unexpected Kalay protocol traffic

Check Version:

Manufacturer-specific commands vary; typically through device management interface or SSH

Verify Fix Applied:

Verify updated firmware version; test device communication integrity

📡 Detection & Monitoring

Log Indicators:

Unexpected authentication failures
Unusual Kalay protocol patterns
Device communication anomalies

Network Indicators:

Suspicious Kalay protocol traffic from untrusted sources
Unexpected server impersonation attempts

SIEM Query:

source_ip NOT IN trusted_networks AND protocol="Kalay" AND (event_type="authentication_bypass" OR message_integrity_failure)

📊 Metadata

CVE ID: CVE-2023-6323

CVSS v3 Score: 4.3 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE: CWE-345

Published: May 15, 2024

Last Updated: February 11, 2025

🔗 References

https://bitdefender.com/blog/labs/notes-on-throughtek-kalay-vulnerabilities-and-their-impact/ Exploit,Third Party Advisory
https://bitdefender.com/blog/labs/notes-on-throughtek-kalay-vulnerabilities-and-their-impact/ Exploit,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-6323, you might also want to check these: