PT-2020-12730 · Thomson+1 · Thomson Tht741Fta+1

Published

2020-08-31

Updated

2020-09-09

CVE-2020-11617

CVSS v3.1

5.9

Medium

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions THOMSON THT741FTA version 2.2.1 Philips DTR3502BFTA DVB-T2 version 2.2.1

Description The RSS application on the set-top boxes does not validate the SSL certificates of RSS servers. This allows a man-in-the-middle attacker to modify the data delivered to the client.

Recommendations For THOMSON THT741FTA version 2.2.1, consider disabling the RSS application until a patch is available. For Philips DTR3502BFTA DVB-T2 version 2.2.1, consider disabling the RSS application until a patch is available.

Exploit

Fix

Improper Certificate Validation

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-295

Related Identifiers

CVE-2020-11617

Affected Products

Philips Dtr3502Bfta Dvb-T2

Thomson Tht741Fta

PT-2020-12730 · Thomson+1 · Thomson Tht741Fta+1

CVE-2020-11617

Weakness Enumeration

Related Identifiers

Affected Products

References · 4