Pa Supra Smart Cloud TV vulnerability (CVE-2019-12477) yomwe imakupatsani mwayi wosintha pulogalamu yomwe ikuwonetsedwa pano ndi zomwe akuwukirayo. Mwachitsanzo, kutulutsa kwa chenjezo lopeka la zochitika zadzidzidzi kumawonetsedwa.
Kwa kuwukira, ndikokwanira kutumiza pempho la intaneti lopangidwa mwapadera lomwe silikufuna kutsimikizika. Makamaka, mutha kulumikiza "/remote/media_control?action=setUri&uri=" pofotokoza ulalo wa fayilo ya m3u8 yokhala ndi magawo amakanema, mwachitsanzo "http://192.168.1.155/remote/media_control?action=setUri&uri= http://attacker .com/fake_broadcast_message.m3u8."
Nthawi zambiri, kupeza adilesi ya IP ya TV kumangokhala pamaneti amkati, koma popeza pempholi limatumizidwa kudzera pa HTTP, ndizotheka kugwiritsa ntchito njira zopezera zinthu zamkati pomwe wogwiritsa ntchito atsegula tsamba lakunja lopangidwa mwapadera (mwachitsanzo, pansi pa HTTP). mawonekedwe a pempho lachithunzi kapena kugwiritsa ntchito ).
Source: opennet.ru