CVE-2020-21405 : An issue was discovered in H96 Smart TV Box H96 Pro Plus allows attackers to cor

An issue was discovered in H96 Smart TV Box H96 Pro Plus allows attackers to corrupt files via calls to the saveDeepColorAttr service.unk

Published 2022-07-20 19:15:08

Updated 2022-07-27 17:18:02

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2020-21405

H96tvbox » H96 Pro Plus Firmware » Version: N/A
cpe:2.3:o:h96tvbox:h96_pro_plus_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: H96tvbox » H96 Pro Plus » Version: N/A

EPSS FAQ

0.06%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 15 %

Percentile, the proportion of vulnerabilities that are scored at or less

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	3.9	3.6	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

Assigned by: nvd@nist.gov (Primary)

https://github.com/helloworldxp/TVBoxBugs/blob/master/H96_Pro_Plus_SmartTV_Vulnerability

TVBoxBugs/H96_Pro_Plus_SmartTV_Vulnerability at master · helloworldxp/TVBoxBugs · GitHub
Exploit;Third Party Advisory

Jump to