Cayin Signage Media Player 3.0 Root Remote Command Injection
Posted by deepcore on June 5, 2020 – 5:23 pm
CAYIN SMP-xxxx suffers from an authenticated OS command injection vulnerability using default credentials. This can be exploited to inject and execute arbitrary shell commands as the root user through the NTP_Server_IP HTTP GET parameter in system.cgi and wizard_system.cgi pages.
Post a reply
You must be logged in to post a comment.