
Ahmethan-Gultekin

#28899 of 53,638
8.8 CVSS total
Vulnerabilities · 1
PT-2018-12261
8.8
2018-07-11
Grundig · Grundig Smart Inter@Ctive Tv · CVE-2018-13989
**Name of the Vulnerable Software and Affected Versions**

Grundig Smart Inter@ctive TV version 3.0

**Description**

The issue allows for CSRF attacks via a POST request to TCP port 8085, utilizing a predictable ID value. For example, a request to the API endpoint "/sendrcpackage" with parameters such as `keyid` and `keysymbol` can be used to shut off the device.

**Recommendations**

For Grundig Smart Inter@ctive TV version 3.0, as a temporary workaround, consider restricting access to the TCP port 8085 to minimize the risk of exploitation. Avoid using the `/sendrcpackage` API endpoint with parameters like `keyid` and `keysymbol` until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.