CVE-2019-12477

Supra Smart Cloud TV allows remote file inclusion in the openLiveURL function, which allows a local attacker to broadcast fake video without any authentication via a /remote/mediacontrol?action=setUri= URI...

Supra Smart Cloud TV Remote File Inclusion

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Supra Smart Cloud TV Remote File Inclusion', 'Description' = %q This module exploits an unauthenticated remote file inclusion which exists in Sup...

Supra Smart Cloud TV Remote File Inclusion

Supra Smart Cloud TV allows remote file inclusion in the openLiveURL function, which allows a local attacker to broadcast fake video without any authentication via a /remote/mediacontrol?action=setUri&uri= URI. Recent assessments: pbarry-r7 at November 20, 2019 11:40pm UTC reported: Have to be on...

Supra Smart Cloud TV Remote File Inclusion

An authentication bypass vulnerability exists in Supra Smart Cloud TV. Successful exploitation of this vulnerability would allow a local attacker to broadcast any video without any authentication or to broadcast a fake emergency message...

Supra Smart Cloud TV Remote File Inclusion

This module exploits an unauthenticated remote file inclusion which exists in Supra Smart Cloud TV. The media control for the device doesn't have any session management or authentication. Leveraging this, an attacker on the local network can send a crafted request to broadcast a fake video. This...

CVE-2019-12477

Supra Smart Cloud TV allows remote file inclusion in the openLiveURL function, which allows a local attacker to broadcast fake video without any authentication via a /remote/mediacontrol?action=setUri&uri= URI...

Remote file inclusion

Supra Smart Cloud TV allows remote file inclusion in the openLiveURL function, which allows a local attacker to broadcast fake video without any authentication via a /remote/mediacontrol?action=setUri&uri= URI...

CVE-2019-12477

The CVE-2019-12477 entry describes a remote file inclusion in Supra Smart Cloud TV. The openLiveURL function is vulnerable to unauthenticated remote file inclusion via /remote/media_control?action=setUri&uri=, allowing a local attacker on the same network to broadcast fake video without authentic...

CVE-2019-12477

Supra Smart Cloud TV allows remote file inclusion in the openLiveURL function, which allows a local attacker to broadcast fake video without any authentication via a /remote/mediacontrol?action=setUri&uri= URI...

Supra Smart Cloud TV - openLiveURL() Remote File Inclusion Vulnerability

Exploit for hardware platform in category web applications Supra Smart Cloud TV - 'openLiveURL' Remote File Inclusion Exploit Author: Dhiraj Mishra Vendor Homepage: https://supra.ru Software Link: https://supra.ru/catalog/televizory/televizorsuprastvlc40lt0020f/ CVE: CVE-2019-12477 References:...

Supra Smart Cloud TV - openLiveURL() Remote File Inclusion

Supra Smart Cloud TV - openLiveURL Remote File Inclusion Exploit Title: Remote file inclusion Date: 03-06-2019 Exploit Author: Dhiraj Mishra Vendor Homepage: https://supra.ru Software Link: https://supra.ru/catalog/televizory/televizorsuprastvlc40lt0020f/ CVE: CVE-2019-12477 References:...

Supra Smart Cloud TV Remote File Inclusion

Exploit Title: Remote file inclusion Date: 03-06-2019 Exploit Author: Dhiraj Mishra Vendor Homepage: https://supra.ru Software Link: https://supra.ru/catalog/televizory/televizorsuprastvlc40lt0020f/ CVE: CVE-2019-12477 References: https://nvd.nist.gov/vuln/detail/CVE-2019-12477...