I’ve had a fiber connection in my home for years and also opted for the ‘digital TV’ package, which basically means I switched my main TV from a DVB-C setup to IPTV. Both had a very professional approach and took these issues seriously. CVE-2020–10209 - Command Injection in the CPE WAN Management Protocol (CWMP) registrationĪll findings have been resolved by Caiway/Delta and Aminocom after I informed them.CVE-2020–10208 - Command Injection in EntoneWebEngine. CVE-2020–10207 - Use of Hard-coded Credentials in EntoneWebEngine.CVE-2020–10206 - Use of a Hard-coded Password in VNCserver in Amino Communications Aria 7.Earlier this year I decided to take a look at the Aminocom Aria 7 settopbox (STB) I received from my ISP Caiway / Delta to see if I could get shell access on the device and take a further look into its inner workings.Īs it turned out I was not only able to get a shell on the device but also take full control of all STBs in the IPTV network, which allowed me to view details of the streams customers were watching, changing the channels, control volume and even streaming my own content to the devices.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |