← Back

Linkplay

linkplay

4 CVEs • 2 products

Products (2)

Click to collapse
Toggle
Linkplay
linkplay
3 CVEs
Sound Bar
sound_bar
1 CVE

CVEs (4)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2022-28605
1Linkplay
1Sound Bar
Nov 21, 2024
Jun 2, 2022
N/A· v4
9.8 CRITICAL· v3
10.0 HIGH· v2
Hardcoded admin token in SoundBar apps in Linkplay SDK 1.00 allows remote attackers to gain admin privilege access in linkplay antifactory
CVE-2019-15312
1Linkplay
1Linkplay
Nov 21, 2024
Jul 1, 2020
N/A· v4
8.8 HIGH· v3
9.3 HIGH· v2
An issue was discovered on Zolo Halo devices via the Linkplay firmware. There is a Zolo Halo DNS rebinding attack. The device was found to be vulnerable to DNS rebinding. Combined with one of the many /httpapi.asp endpoi...Show more
An issue was discovered on Zolo Halo devices via the Linkplay firmware. There is a Zolo Halo DNS rebinding attack. The device was found to be vulnerable to DNS rebinding. Combined with one of the many /httpapi.asp endpoint command-execution security issues, the DNS rebinding attack could allow an attacker to compromise the victim device from the Internet.Show less
CVE-2019-15311
1Linkplay
1Linkplay
Nov 21, 2024
Jul 1, 2020
N/A· v4
9.8 CRITICAL· v3
10.0 HIGH· v2
An issue was discovered on Zolo Halo devices via the Linkplay firmware. There is Zolo Halo LAN remote code execution. The Zolo Halo Bluetooth speaker had a GoAhead web server listening on the port 80. The /httpapi.asp en...Show more
An issue was discovered on Zolo Halo devices via the Linkplay firmware. There is Zolo Halo LAN remote code execution. The Zolo Halo Bluetooth speaker had a GoAhead web server listening on the port 80. The /httpapi.asp endpoint of the GoAhead web server was also vulnerable to multiple command execution vulnerabilities.Show less
CVE-2019-15310
1Linkplay
1Linkplay
Nov 21, 2024
Jul 1, 2020
N/A· v4
9.8 CRITICAL· v3
10.0 HIGH· v2
An issue was discovered on various devices via the Linkplay firmware. There is WAN remote code execution without user interaction. An attacker could retrieve the AWS key from the firmware and obtain full control over Lin...Show more
An issue was discovered on various devices via the Linkplay firmware. There is WAN remote code execution without user interaction. An attacker could retrieve the AWS key from the firmware and obtain full control over Linkplay's AWS estate, including S3 buckets containing device firmware. When combined with an OS command injection vulnerability within the XML Parsing logic of the firmware update process, an attacker would be able to gain code execution on any device that attempted to update. Note that by default all devices tested had automatic updates enabled.Show less