CVE-2019-15311

Name of the Vulnerable Software and Affected Versions Zolo Halo devices via the Linkplay firmware (affected versions not specified)

Description An issue was discovered in Zolo Halo devices, allowing for LAN remote code execution. The devices have a GoAhead web server listening on port 80, and the /httpapi.asp endpoint is vulnerable to multiple command execution vulnerabilities.

Recommendations As a temporary workaround, consider disabling the /httpapi.asp endpoint until a patch is available. Restrict access to the GoAhead web server to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.