Описание
The pairing procedure used by the Vizio P65-F1 6.0.31.4-2 and E50x-E1 10.0.31.4-2 Smart TVs and mobile application is vulnerable to a brute-force attack (against only 10000 possibilities), allowing a threat actor to forcefully pair the device, leading to remote control of the TV settings and configurations.
Ссылки
- ExploitThird Party Advisory
- Vendor Advisory
- ExploitThird Party Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:o:vizio:p65-f1_firmware:6.0.31.4-2:*:*:*:*:*:*:*
cpe:2.3:h:vizio:p65-f1:-:*:*:*:*:*:*:*
Конфигурация 2
Одновременно
cpe:2.3:o:vizio:e50x-e1_firmware:10.0.31.4-2:*:*:*:*:*:*:*
cpe:2.3:h:vizio:e50x-e1:-:*:*:*:*:*:*:*
EPSS
Процентиль: 42%
0.00203
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-307
Связанные уязвимости
github
больше 3 лет назад
The pairing procedure used by the Vizio P65-F1 6.0.31.4-2 and E50x-E1 10.0.31.4-2 Smart TVs and mobile application is vulnerable to a brute-force attack (against only 10000 possibilities), allowing a threat actor to forcefully pair the device, leading to remote control of the TV settings and configurations.
EPSS
Процентиль: 42%
0.00203
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-307