EUVD-2020-27985

Malware in sbrugna...

CVE-2025-55971

TCL 65C655 Smart TV, running firmware version V8-R75PT01-LF1V269.001116 Android TV, Kernel 5.4.242+, is vulnerable to a blind, unauthenticated Server-Side Request Forgery SSRF vulnerability via the UPnP MediaRenderer service AVTransport:1. The device accepts unauthenticated SetAVTransportURI SOAP...

CVE-2025-55971

TCL 65C655 Smart TV, running firmware version V8-R75PT01-LF1V269.001116 Android TV, Kernel 5.4.242+, is vulnerable to a blind, unauthenticated Server-Side Request Forgery SSRF vulnerability via the UPnP MediaRenderer service AVTransport:1. The device accepts unauthenticated SetAVTransportURI SOAP...

CVE-2025-55971

CVE-2025-55971 affects TCL 65C655 Smart TV firmware V8-R75PT01-LF1V269.001116 (Android TV, Kernel 5.4.242+). The issue is a blind, unauthenticated Server-Side Request Forgery via the UPnP MediaRenderer AVTransport:1 service. The device accepts unauthenticated SetAVTransportURI SOAP requests over ...

CVE-2025-55972

CVE-2025-55972 affects TCL Smart TVs with a vulnerable UPnP/DLNA MediaRenderer implementation. The issue arises when an attacker sends a flood of malformed or oversized SetAVTransportURI SOAP requests to the UPnP control endpoint, enabling a remote, unauthenticated Denial of Service. The device b...

PT-2025-40532

Name of the Vulnerable Software and Affected Versions TCL Smart TV affected versions not specified Description A TCL Smart TV with a vulnerable UPnP/DLNA MediaRenderer implementation is susceptible to a remote, unauthenticated Denial of Service DoS condition. An attacker can send a flood of...

The vulnerability of the administrator consoles of microprogrammed software for wireless signal amplifiers from D-Link’s DCH-M225 allows a intruder to execute arbitrary commands.

The vulnerability of the administrator consoles of microprogrammed software for D-Link DCH-M225 wireless signal amplifiers is related to the lack of measures taken to neutralize special elements used in the operating system’s command processing when handling the “media renderer” parameter in the...

D-Link DCH-M225 Arbitrary OS Command Execution Vulnerability

The DCH-M225 is a Wifi portable audio extender. An arbitrary OS command execution vulnerability exists in D-Link DCH-M225 version 1.05b01 and earlier. A remote authenticated administrator can exploit this vulnerability to execute arbitrary OS commands via shell metacharacters in the media rendere...

CVE-2020-6842

D-Link DCH-M225 1.05b01 and earlier devices allow remote authenticated admins to execute arbitrary OS commands via shell metacharacters in the media renderer name...

Design/Logic Flaw

D-Link DCH-M225 1.05b01 and earlier devices allow remote authenticated admins to execute arbitrary OS commands via shell metacharacters in the media renderer name...

CVE-2020-6842

D-Link DCH-M225 1.05b01 and earlier devices allow remote authenticated admins to execute arbitrary OS commands via shell metacharacters in the media renderer name. Recent assessments: kevthehermit at February 22, 2020 11:00pm UTC reported: This analysis is a transcript of a public gist – Original...

PT-2020-6867 · D Link · Dch-M225

Name of the Vulnerable Software and Affected Versions: D-Link DCH-M225 versions 1.05b01 and earlier Description: The issue is related to the lack of proper sanitization of special elements used in the operating system command when processing the media renderer parameter in the name string. This...