CVE-2019-13474

Name of the Vulnerable Software and Affected Versions TELESTAR Bobs Rock Radio version (affected versions not specified) Dabman D10 version (affected versions not specified) Dabman i30 Stereo version (affected versions not specified) Imperial i110 version (affected versions not specified) Imperial i150 version (affected versions not specified) Imperial i200 version (affected versions not specified) Imperial i200-cd version (affected versions not specified) Imperial i400 version (affected versions not specified) Imperial i450 version (affected versions not specified) Imperial i500-bt version (affected versions not specified) Imperial i600 TN81HH96-g102h-g102 version (affected versions not specified)

Description The issue is related to insufficient access control for various commands. The affected commands include /set dname, /mylogo, /LocalPlay, /irdevice.xml, /Sendkey, /setvol, /hotkeylist, /init, /playlogo.jpg, /stop, /exit, /back, and /playinfo.

Recommendations For TELESTAR Bobs Rock Radio, restrict access to the /set dname, /mylogo, /LocalPlay, /irdevice.xml, /Sendkey, /setvol, /hotkeylist, /init, /playlogo.jpg, /stop, /exit, /back, and /playinfo commands until a fix is available. For Dabman D10, restrict access to the /set dname, /mylogo, /LocalPlay, /irdevice.xml, /Sendkey, /setvol, /hotkeylist, /init, /playlogo.jpg, /stop, /exit, /back, and /playinfo commands until a fix is available. For Dabman i30 Stereo, restrict access to the /set dname, /mylogo, /LocalPlay, /irdevice.xml, /Sendkey, /setvol, /hotkeylist, /init, /playlogo.jpg, /stop, /exit, /back, and /playinfo commands until a fix is available. For Imperial i110, restrict access to the /set dname, /mylogo, /LocalPlay, /irdevice.xml, /Sendkey, /setvol, /hotkeylist, /init, /playlogo.jpg, /stop, /exit, /back, and /playinfo commands until a fix is available. For Imperial i150, restrict access to the /set dname, /mylogo, /LocalPlay, /irdevice.xml, /Sendkey, /setvol, /hotkeylist, /init, /playlogo.jpg, /stop, /exit, /back, and /playinfo commands until a fix is available. For Imperial i200, restrict access to the /set dname, /mylogo, /LocalPlay, /irdevice.xml, /Sendkey, /setvol, /hotkeylist, /init, /playlogo.jpg, /stop, /exit, /back, and /playinfo commands until a fix is available. For Imperial i200-cd, restrict access to the /set dname, /mylogo, /LocalPlay, /irdevice.xml, /Sendkey, /setvol, /hotkeylist, /init, /playlogo.jpg, /stop, /exit, /back, and /playinfo commands until a fix is available. For Imperial i400, restrict access to the /set dname, /mylogo, /LocalPlay, /irdevice.xml, /Sendkey, /setvol, /hotkeylist, /init, /playlogo.jpg, /stop, /exit, /back, and /playinfo commands until a fix is available. For Imperial i450, restrict access to the /set dname, /mylogo, /LocalPlay, /irdevice.xml, /Sendkey, /setvol, /hotkeylist, /init, /playlogo.jpg, /stop, /exit, /back, and /playinfo commands until a fix is available. For Imperial i500-bt, restrict access to the /set dname, /mylogo, /LocalPlay, /irdevice.xml, /Sendkey, /setvol, /hotkeylist, /init, /playlogo.jpg, /stop, /exit, /back, and /playinfo commands until a fix is available. For Imperial i600 TN81HH96-g102h-g102, restrict access to the /set dname, /mylogo, /LocalPlay, /irdevice.xml, /Sendkey, /setvol, /hotkeylist, /init, /playlogo.jpg, /stop, /exit, /back, and /playinfo commands until a fix is available.