PT-2022-8639 · H96 · H96 Pro Plus

Published

2022-07-20

Updated

2022-07-27

CVE-2020-21405

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions H96 Smart TV Box H96 Pro Plus (affected versions not specified)

Description An issue was discovered that allows attackers to corrupt files via calls to the saveDeepColorAttr service. This issue affects the H96 Smart TV Box H96 Pro Plus, enabling attackers to potentially compromise the system by manipulating file integrity.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Resource Exhaustion

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-400

Related Identifiers

CVE-2020-21405

Affected Products

H96 Pro Plus

PT-2022-8639 · H96 · H96 Pro Plus

CVE-2020-21405

Weakness Enumeration

Related Identifiers

Affected Products

References · 3