PT-2020-16684 · Tcl · Tcl Android Smart Tv

Johnjhacking +1 · Published 2020-11-10 · Updated 2026-02-19 · CVE-2020-27403

CVSS v3.1: 6.5 (Medium)
Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

TCL Android Smart TV series V8-R851T02-LF1 versions V295 and below
TCL Android Smart TV series V8-T658T01-LF1 versions V373 and below

Description

A vulnerability in the TCL Android Smart TV series allows an attacker on the adjacent network to arbitrarily browse and download sensitive files over an insecure web server running on port 7989 that lists all files and directories. An unprivileged remote attacker on the adjacent network can download most system files, leading to critical information disclosure. Some TV models and/or firmware versions may expose the web server, with the entire file system accessible, on another port.

Recommendations

For TCL Android Smart TV series V8-R851T02-LF1 versions V295 and below: As a temporary workaround, consider disabling access to the insecure web server running on port 7989 until a patch is available.

For TCL Android Smart TV series V8-T658T01-LF1 versions V373 and below: Restrict access to the web server to minimize the risk of exploitation.

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
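
One way to confirm that the workaround above is effective, as an added example that is not part of the original advisory: a Python check, run from a host on the same network segment as the TV, that classifies the advisory's port as open, closed or filtered. The function names and the sample addresses (documentation range 192.0.2.0/24) are assumptions made for illustration.

```python
"""Verify that the workaround for CVE-2020-27403 holds on TVs you own."""
import socket

# Port named in the advisory; add the port your model uses if it differs.
ADVISORY_PORTS = (7989,)


def check_port(host, port, timeout=2.0):
    """Classify one TCP port as 'open', 'closed', 'filtered' or 'error'."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"          # handshake completed: the service is reachable
    except ConnectionRefusedError:
        return "closed"        # RST received: nothing is listening
    except socket.timeout:
        return "filtered"      # no answer: dropped by a filter, or host is off
    except OSError:
        return "error"         # no route, name resolution failure, ...
    finally:
        sock.close()


def audit(hosts, ports=ADVISORY_PORTS, timeout=2.0):
    """Return {(host, port): state} for every TV address in `hosts`."""
    return {(h, p): check_port(h, p, timeout) for h in hosts for p in ports}


def still_exposed(results):
    """List the (host, port) pairs where the workaround is not effective."""
    return sorted(hp for hp, state in results.items() if state == "open")


if __name__ == "__main__":
    # Constructed sample inventory (TEST-NET-1 documentation addresses).
    tvs = ["192.0.2.50", "192.0.2.51"]
    results = audit(tvs)
    for (host, port), state in sorted(results.items()):
        print(f"{host}:{port} {state}")
    if still_exposed(results):
        raise SystemExit("workaround not effective on at least one TV")
```

When a firewall blocks the port the expected state is `filtered`; when the service itself has been disabled it is `closed`.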

Exploit

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2020-27403

Affected Products

Tcl Android Smart Tv