Tag
#linux
The distribution suffers from an arbitrary file disclosure vulnerability. Using the 'file' GET parameter attackers can disclose arbitrary files on the affected device and disclose sensitive and system information.
The application suffers from an OS command execution vulnerability. This can be exploited to execute arbitrary commands as root, through the 'command' GET parameter in /tpl/commands.sh.
The application suffers from an OS command injection vulnerability. This can be exploited to execute arbitrary commands with root privileges.
The application suffers from an unauthenticated live stream disclosure when /tpl/tv_action.sh is called and generates a snapshot in /var/www/images/tv.jpg through the Simple VDR Protocol (SVDRP).
The application allows a remote attacker to change the root password of the system without authentication (disabled by default) and verification of previously assigned credential. Command execution also possible using several POST parameters.
The application allows the usage of the SVDRP protocol/commands to be sent by a remote attacker to manipulate and/or control remotely the TV.
The application is vulnerable to unauthenticated configuration download when direct object reference is made to the backup function using an HTTP GET request. This will enable the attacker to disclose sensitive information and help her in authentication bypass, privilege escalation and full system access.
A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function ipv6_renew_options of the component IPv6 Handler. The manipulation leads to memory leak. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-211021 was assigned to this vulnerability.
A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is an unknown function of the file mm/memory.c of the component Driver Handler. The manipulation leads to use after free. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211020.
A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects the function kcm_tx_work of the file net/kcm/kcmsock.c of the component kcm. The manipulation leads to race condition. It is recommended to apply a patch to fix this issue. VDB-211018 is the identifier assigned to this vulnerability.