CVE-2020-7842

Improper Input validation vulnerability exists in Netis Korea D'live AP which could cause arbitrary command injection and execution when the time setting using ntpServerlp1 parameter for the users. This affects D'live set-top box APWF2429TB v1.1.10...

EUVD-2017-18425

Malware in sbrugna...

EUVD-2017-18429

Malware in sbrugna...

EUVD-2020-28774

Malware in sbrugna...

EUVD-2020-3964

Malware in sbrugna...

Arris VIP1113 安全漏洞

The Arris VIP1113 is a set-top box for HD IPTV services from Arris USA. A security vulnerability exists in the Arris VIP1113 version 2025-05-30 and earlier, which stems from a firmware decryption key of cd1c2d78f2cba1f73ca7e697b4a485f49a8a7d0c8b0fdc9f51ced50f2530668a...

Arris VIP1113 安全漏洞

The Arris VIP1113 is a set-top box for HD IPTV services from Arris USA. A security vulnerability exists in the Arris VIP1113 version 2025-05-30 and earlier, which stems from a specially crafted /usr/bin/gunzip file that could lead to arbitrary image booting...

CVE-2020-11617

The RSS application on THOMSON THT741FTA 2.2.1 and Philips DTR3502BFTA DVB-T2 2.2.1 set-top boxes doesn't validate the SSL certificates of RSS servers, which allows a man-in-the-middle attacker to modify the data delivered to the client...

CVE-2020-11618

THOMSON THT741FTA 2.2.1 and Philips DTR3502BFTA DVB-T2 2.2.1 set-top boxes have their TELNET service hardcoded to start on boot, which allows an attacker on the local network to achieve root access via the TELNET protocol...

SUSE CVE-2017-9333

OpenWebif 1.2.5 allows remote code execution via a URL to the CallOPKG function in the IpkgController class in plugin/controllers/ipkg.py, when the URL refers to an attacker-controlled web site with a Trojan horse package. This has security implications in cases where untrusted users can trigger...

UBUNTU-CVE-2022-49678

In the Linux kernel, the following vulnerability has been resolved: soc: bcm: brcmstb: pm: pm-arm: Fix refcount leak in brcmstbpmprobe offindmatchingnode returns a node pointer with refcount incremented, we should use ofnodeput on it when not need anymore. Add missing ofnodeput to avoid refcount...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from STB unavailability detection...

QVidium Technologies Amino A140 命令注入漏洞

The QVidium Technologies Amino A140 is a HD IPTV/OTT set-top box from QVidium Technologies. A security vulnerability exists in the QVidium Technologies Amino A140 versions prior to firmware version 1.0.0-283 that originates from a command injection in the web management interface of older QVidium...

ZTE ZXvSTB License Issue Vulnerability

ZTE ZXvSTB is a cloud-enabled set-top box from China's ZTE. The ZTE ZXvSTB suffers from an authorization issue vulnerability that stems from improper privilege control, which can be exploited by an attacker to remove the default application type and affect the normal use of the system...

CVE-2022-23144

There is a broken access control vulnerability in ZTE ZXvSTB product. Due to improper permission control, attackers could use this vulnerability to delete the default application type, which affects normal use of system...

THOMSON TCW710 跨站脚本漏洞

The THOMSON TCW710 is a set-top box from THOMSON Canada. A security vulnerability exists in the THOMSON TCW710 ST5D.10.05 version, which originates from an unknown section of the file /goform/RgDhcp. A remote attacker can exploit the vulnerability to cause a stored cross-site scripting attack usi...

CVE-2021-41873

CVE-2021-41873 concerns Penguin Aurora TV Box 41502 (a high-end network HD set-top box by Tencent Video/Skyworth Digital). Connected sources corroborate an unauthorized access vulnerability that lets an attacker use a specific link to remotely control the TV. The NVD entry lists a very high CVSS ...

ZTE ZXIPTV 跨站脚本漏洞

ZTE ZXIPTV is a set-top box from ZTE ZTE. A cross-site scripting vulnerability exists in ZTE ZXIPTV EASP version 5.06.04.09, which stems from the application's lack of validation of user input data and filtering of input data. The vulnerability can be exploited by an attacker to trick a user into...

Command execution vulnerability in TamronOS IPTV/VOD system (CNVD-2021-49564)

TamronOS IPTV/VOD system is a set of Linux kernel-based development of broadband operators, hotels, schools, live on-demand all-in-one solution, the system provides a variety of clients Android set-top box, TV, PC on-demand, cell phone on-demand to facilitate user access through different devices...

ZTE ZXV10 B860A Information Disclosure Vulnerability

The ZTE ZXV10 B860A is a network set-top box from China's ZTE Corporation ZTE. The ZTE ZXV10 B860A suffers from an information disclosure vulnerability that stems from the device not adequately validating logs, which can be exploited by an attacker to gain access to sensitive user information for...