CVE-2019-15310

Name of the Vulnerable Software and Affected Versions Linkplay firmware (affected versions not specified)

Description An issue was discovered in the Linkplay firmware, allowing WAN remote code execution without user interaction. An attacker could retrieve the AWS key from the firmware, gaining full control over Linkplay's AWS estate, including S3 buckets containing device firmware. When combined with an OS command injection vulnerability within the XML Parsing logic of the firmware update process, an attacker could gain code execution on any device that attempted to update. By default, all devices tested had automatic updates enabled.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.