CVE-2019-15310
9.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD
Description
An issue was discovered on various devices via the Linkplay firmware. There is WAN remote code execution without user interaction. An attacker could retrieve the AWS key from the firmware and obtain full control over Linkplay's AWS estate, including S3 buckets containing device firmware. When combined with an OS command injection vulnerability within the XML Parsing logic of the firmware update process, an attacker would be able to gain code execution on any device that attempted to update. Note that by default all devices tested had automatic updates enabled.
Affected (1)
Related CWEs
CWE-639
Authorization Bypass Through User-Controlled Key
The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
References (6)
Source: cve@mitre.org
ExploitThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Timeline
No history available yet.