Logs storing credentials are insufficiently protected and can be decoded through the use of open source tools.

Transmitted data is logged between the device and the backend service. An attacker could use these logs to perform a replay attack to replicate calls.

Sensitive customer information is stored in the device without encryption.

Utilizing default credentials, an attacker is able to log into the camera's operating system which could allow changes to be made to the operations or shutdown the camera requiring a physical reboot of the system.