PT-2017-12785 · Tecnovision · Tecnovision Dlx Spot Player

Published

2017-09-21

Updated

2017-09-29

CVE-2017-12930

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions TecnoVISION DLX Spot Player4 versions prior to 1.5.10

Description The issue allows remote unauthenticated users to access the web interface as administrator via a crafted password, specifically through SQL Injection in the admin interface.

Recommendations For TecnoVISION DLX Spot Player4 versions prior to 1.5.10, update to version 1.5.10 or later to resolve the issue.

Exploit

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2017-12930

Affected Products

Tecnovision Dlx Spot Player

PT-2017-12785 · Tecnovision · Tecnovision Dlx Spot Player

CVE-2017-12930

Weakness Enumeration

Related Identifiers

Affected Products

References · 4