Several high privileged APIs on the Vizio P65-F1 6.0.31.4-2 and E50x-E1 10.0.31.4-2 Smart TVs do not enforce access controls, allowing an unauthenticated threat actor to access privileged functionality, leading to OS command execution. The specific attack methodology is a file upload.
References
Link | Resource |
---|---|
https://www.l9group.com/advisories/vizio-tv-unauthenticated-remote-code-execution | Exploit Third Party Advisory |
https://www.vizio.com | Product |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2021-08-26T11:23:00
Updated: 2021-08-26T11:23:00
Reserved: 2021-03-03T00:00:00
Link: CVE-2021-27944
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-08-26T12:15:07.137
Modified: 2022-06-28T14:11:45.273
Link: CVE-2021-27944
JSON object: View
Redhat Information
No data.
CWE