CVE-2017-12929

Published: 21/09/2017 Updated: 29/09/2017
CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 660
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Vulnerability Summary

Arbitrary File Upload in resource.php of TecnoVISION DLX Spot Player4 version >1.5.10 allows remote authenticated users to upload arbitrary files leading to Remote Command Execution.

Vulnerable Product

tecnovision dlx spot player4 -

Exploits

# Exploit Title: DlxSpot - Player4 LED video wall - Arbitrary File Upload to RCE
# Google Dork: "DlxSpot - Player4"
# Date: 2017-05-14
# Discoverer: Simon Brannstrom
# Authors Website: unknownpwn.github.io/
# Vendor Homepage: www.tecnovision.com/
# Software Link: n/a
# Version: >1.5.10
# Tested on: Linux
# About: DlxSpot is the so ...

# Exploit Title: DlxSpot - Player4 LED video wall - Hardcoded Root SSH Password
# Google Dork: "DlxSpot - Player4"
# Date: 2017-05-14
# Discoverer: Simon Brannstrom
# Authors Website: unknownpwn.github.io/
# Vendor Homepage: www.tecnovision.com/
# Software Link: n/a
# Version: All known versions
# Tested on: Linux
# About: DlxSpot i ...

DlxSpot Player4 LED video wall has a hardcoded password that allows you to ssh in and escalate to root ...
DlxSpot Player4 LED video wall suffers from a remote shell upload vulnerability. Versions greater than 1.5.10 are affected ...
DlxSpot Player4 LED video wall suffers from a remote SQL injection vulnerability that allows for authentication bypass. Versions greater than 1.5.10 are affected ...

Github Repositories

infosec enthusiast and madman

Tecnovision LED Video Wall Vulnerabilities and Exploits: From SQLi to full root access. Introduction: Tecnovision is a manufacturer of LED Video Walls used in arenas (for example, Twickenham Stadium), concert halls, shopping malls, as road signs and much much more. DlxSpot Player 4 is the software controller for some of these LED walls. These are the unpatched exploits that I ha