PT-2020-9686 · Zolo Halo+1 · Zolo Halo+1
Published: 2020-07-01 · Updated: 2021-07-21
CVE-2019-15312
CVSS v2.0: 9.3 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Zolo Halo devices via the Linkplay firmware (affected versions not specified)
Description
An issue was discovered that allows a DNS rebinding attack on the device. This attack, combined with command-execution security issues via the "/httpapi.asp" endpoint, could allow an attacker to compromise the victim device from the Internet.
Recommendations
As a temporary workaround, consider restricting access to the "/httpapi.asp" endpoint until a patch is available.
Avoid using the device until a fix is provided, to minimize the risk of exploitation.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Affected Products
Linkplay
Zolo Halo