Supra Smart Cloud TV allows remote file inclusion in the openLiveURL function, which allows a local malicious user to broadcast fake video without any authentication via a /remote/media_control?action=setUri&uri= URI.
Vulnerable Product |
---|
supra stv-lc40lt0020f_firmware - |
Tweet deleted as telly maker reconsiders damning but refreshingly honest messaging
Samsung on Sunday sent out a tweet urging people to check their Sammy smart TVs for viruses – and then deleted the message, as if someone realized that highlighting the risks posed by connected TVs may be bad for business. The Twitter post, sent via the South Korean manufacturer's @SamsungSupport account, remains preserved for posterity thanks to the Internet Archive's Wayback Machine. "Scanning your computer for malware viruses is important to keep it running smoothly," the message warned. "T...
Video streams can be hijacked by anyone on your Wi-Fi
Pewdiepie fanboi printer, Chromecast haxxx0r retreats, says they're 'afraid of being caught'
Owners of Supra Smart Cloud TVs are in danger of getting some unwanted programming: it's possible for miscreants or malware on your Wi-Fi network to switch whatever you're watching for video of their or its choosing. Bug-hunter Dhiraj Mishra laid claim to CVE-2019-12477, a remote file inclusion zero-day vulnerability that allows anyone with local network access to specify their own video to display on the TV, overriding whatever is being shown, with no password necessary. As such it's more likel...