Zero Science Lab

The application is prone to a PHP Object Injection vulnerability due to the unsafe use of unserialize() function. A potential attacker, authenticated, could exploit this vulnerability by sending specially crafted requests to the web application containing malicious serialized input.

The application suffers from an OS command injection vulnerability. This can be exploited to execute arbitrary commands with root privileges.

The application suffers from an unauthenticated live stream disclosure when /tpl/tv_action.sh is called and generates a snapshot in /var/www/images/tv.jpg through the Simple VDR Protocol (SVDRP).

The application allows a remote attacker to change the root password of the system without authentication (disabled by default) and verification of previously assigned credential. Command execution also possible using several POST parameters.

The application allows the usage of the SVDRP protocol/commands to be sent by a remote attacker to manipulate and/or control remotely the TV.

The application is vulnerable to unauthenticated configuration download when direct object reference is made to the backup function using an HTTP GET request. This will enable the attacker to disclose sensitive information and help her in authentication bypass, privilege escalation and full system access.

The distribution suffers from an arbitrary file disclosure vulnerability. Using the 'file' GET parameter attackers can disclose arbitrary files on the affected device and disclose sensitive and system information.

The application suffers from an OS command execution vulnerability. This can be exploited to execute arbitrary commands as root, through the 'command' GET parameter in /tpl/commands.sh.

SoX suffers from a division by zero attack when handling WAV files, resulting in denial of service vulnerability and possibly loss of data.

Input passed to the GET parameter 'action' is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML/JS code in a user's browser session in context of an affected site.