Hauv Supra Smart Cloud TVs Muaj qhov tsis zoo (CVE-2019-12477) uas tso cai rau tus neeg tawm tsam ua txuj ua li cov ntsiab lus ntawm tus neeg tawm tsam uas tab tom saib tam sim no. Ib qho piv txwv yog qhia txog kev ceeb toom xwm txheej ceev cuav.
Yuav ua ib qho kev tawm tsam, tsuas yog xa ib qho kev thov tshwj xeeb uas tsis tas yuav tsum tau lees paub. Tshwj xeeb, koj tuaj yeem nkag mus rau "/remote/media_control?action=setUri&uri=" handler los ntawm kev teev URL ntawm cov ntaub ntawv m3u8 nrog cov kev teeb tsa video, piv txwv li, "http://192.168.1.155/remote/media_control?action=setUri&uri=http://attacker.com/fake_broadcast_message.m3u8."
Feem ntau, kev nkag mus rau TV qhov chaw nyob IP tsuas yog txwv rau lub network sab hauv, tab sis txij li thaum qhov kev thov raug xa mus ntawm HTTP, nws muaj peev xwm siv cov txheej txheem los nkag mus rau cov peev txheej sab hauv thaum tus neeg siv qhib nplooj ntawv sab nraud tsim tshwj xeeb (piv txwv li, nyob rau hauv lub ntsej muag ntawm daim duab thov lossis siv txoj kev ).
Tau qhov twg los: opennet.ru
