CVE-2017-6631

Name of the Vulnerable Software and Affected Versions YesMaxTotal (affected versions not specified) YesMax HD (affected versions not specified) YesQuattro STB (affected versions not specified)

Description A vulnerability in the HTTP remote procedure call (RPC) service could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The issue exists because the firmware fails to handle certain XML values passed to the HTTP RPC service. An attacker could exploit this by submitting a malformed request, causing the device to restart and resulting in a DoS condition.

Recommendations For YesMaxTotal, update to the latest firmware provided by Yes to address the vulnerability. For YesMax HD, update to the latest firmware provided by Yes to address the vulnerability. For YesQuattro STB, update to the latest firmware provided by Yes to address the vulnerability.