CVE-2018-13989

Name of the Vulnerable Software and Affected Versions Grundig Smart Inter@ctive TV version 3.0

Description The issue allows for CSRF attacks via a POST request to TCP port 8085, utilizing a predictable ID value. For example, a request to the API endpoint "/sendrcpackage" with parameters such as keyid and keysymbol can be used to shut off the device.

Recommendations For Grundig Smart Inter@ctive TV version 3.0, as a temporary workaround, consider restricting access to the TCP port 8085 to minimize the risk of exploitation. Avoid using the /sendrcpackage API endpoint with parameters like keyid and keysymbol until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.