Several high privileged APIs on the Vizio P65-F1 6.0.31.4-2 and E50x-E1 10.0.31.4-2 Smart TVs do not enforce access controls, allowing an unauthenticated threat actor to access privileged functionality, leading to OS command execution. The specific attack methodology is a file upload.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2021-08-26T11:23:00
Updated: 2024-08-03T21:33:16.760Z
Reserved: 2021-03-03T00:00:00
Link: CVE-2021-27944
Vulnrichment
No data.
NVD
Status : Modified
Published: 2021-08-26T12:15:07.137
Modified: 2024-11-21T05:58:52.880
Link: CVE-2021-27944
Redhat
No data.