PT-2021-17684 · Vizio · Vizio E50X-E1+1

Published 2021-08-26 · Updated 2021-09-01 · CVE-2021-27944

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Vizio P65-F1 version 6.0.31.4-2; Vizio E50x-E1 version 10.0.31.4-2
Description: Several highly privileged APIs on Vizio Smart TVs do not enforce access controls, allowing an unauthenticated threat actor to access privileged functionality. This leads to OS command execution. The specific attack methodology involves a file upload.
Recommendations: For Vizio P65-F1 version 6.0.31.4-2, consider restricting access to the highly privileged APIs until a patch is available. For Vizio E50x-E1 version 10.0.31.4-2, consider disabling file upload functionality in the affected APIs as a temporary workaround.

Exploit

Fix

OS Command Injection

Weakness Enumeration

Related Identifiers

CVE-2021-27944

Affected Products

Vizio E50X-E1
Vizio P65-F1