PT-2022-19099 · Linkplay · Linkplay Sdk
Hidden
Published: 2022-05-31 · Updated: 2022-12-09
CVE-2022-28605
CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Linkplay SDK version 1.00
Description
SoundBar apps that use the Linkplay SDK contain a hardcoded admin token, which allows remote attackers to gain admin privileges.
Recommendations
For Linkplay SDK version 1.00, consider removing or modifying the hardcoded admin token to prevent unauthorized access. As a temporary workaround, restrict access to the admin interface until a patch is available.
Fix
Using Hardcoded Credentials
Weakness Enumeration
Related Identifiers
Affected Products
Linkplay Sdk