MVPower DVR Shell Unauthenticated Command Execution

Posted by deepcore on February 26, 2017 – 9:23 pm

This Metasploit module exploits an unauthenticated remote command execution vulnerability in MVPower digital video recorders. The ‘shell’ file on the web interface executes arbitrary operating system commands in the query string. This Metasploit module was tested successfully on a MVPower model TV-7104HE with firmware version 1.8.4 115215B9 (Build 2014/11/17). The TV-7108HE model is also reportedly affected, but untested.

This post is under “exploit” and has no respond so far.
If you enjoy this article, make sure you subscribe to my RSS Feed.

Post a reply

You must be logged in to post a comment.

« Joomla com_jajobboard v1.5 – SQL Injection Vulnerability AlienVault OSSIM/USM Remote Code Execution »

:: Deepquest ::

This site contains information which could be considered illegal in some countries. It is provided here for educational use only and is not intended to be used for illegal activities.

MVPower DVR Shell Unauthenticated Command Execution

Post a reply

Tabs Switcher

Categories

Archives

Meta

BLOGROLL