CVE-2019-12477

Опубликовано: 07 июн. 2019

Источник: nvd

CVSS3: 5.5

CVSS2: 2.1

EPSS Средний

Описание

Supra Smart Cloud TV allows remote file inclusion in the openLiveURL function, which allows a local attacker to broadcast fake video without any authentication via a /remote/media_control?action=setUri&uri= URI.

Ссылки

http://packetstormsecurity.com/files/153191/Supra-Smart-Cloud-TV-Remote-File-Inclusion.html
Exploit
Third Party Advisory
VDB Entry
https://drive.google.com/file/d/1ZVHn_bPE-3kqYd2D-3AJpXZdd4dlmzVh/view?usp=sharing
Exploit
Third Party Advisory
http://packetstormsecurity.com/files/153191/Supra-Smart-Cloud-TV-Remote-File-Inclusion.html
Exploit
Third Party Advisory
VDB Entry
https://drive.google.com/file/d/1ZVHn_bPE-3kqYd2D-3AJpXZdd4dlmzVh/view?usp=sharing
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:supra:stv-lc40lt0020f_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:supra:stv-lc40lt0020f:-:*:*:*:*:*:*:*

EPSS

Процентиль: 97%

0.33135

Средний

5.5 Medium

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-22

Связанные уязвимости

GHSA-gh58-hv6c-gx26