Zero Science Lab » ReQuest Serious Play F3 Media Server 7.0.3 Remote Denial of Service

ReQuest Serious Play F3 Media Server 7.0.3 Remote Denial of Service

Title: ReQuest Serious Play F3 Media Server 7.0.3 Remote Denial of Service
Advisory ID: ZSL-2020-5601
Type: Local/Remote
Impact: DoS
Risk: (3/5)
Release Date: 18.10.2020

Summary

F3 packs all the power of ReQuest's multi-zone serious Play servers into a compact powerhouse. With the ability to add unlimited NAS devices, the F3 can handle your entire family's media collection with ease.

Description

The device can be shutdown or rebooted by an unauthenticated attacker when issuing one HTTP GET request.

Vendor

ReQuest Serious Play LLC - http://www.request.com

Affected Version

7.0.3.4968 (Pro)
7.0.2.4954
6.5.2.4954
6.4.2.4681
6.3.2.4203
2.0.1.823

Tested On

ReQuest Serious Play® OS v7.0.1
ReQuest Serious Play® OS v6.0.0
Debian GNU/Linux 5.0
Linux 3.2.0-4-686-pae
Linux 2.6.36-request+lenny.5
Apache/2.2.22
Apache/2.2.9
PHP/5.4.45
PHP/5.2.6-1

Vendor Status

[01.08.2020] Vulnerability discovered.
[16.08.2020] Vendor contacted.
[17.10.2020] No response from the vendor.
[18.10.2020] Public security advisory released.

PoC

request_dos.txt

Credits

Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>

References

[1] https://packetstormsecurity.com/files/159602/
[2] https://cxsecurity.com/issue/WLB-2020100122
[3] https://exchange.xforce.ibmcloud.com/vulnerabilities/190031
[4] https://www.exploit-db.com/exploits/48951

Changelog

[18.10.2020] - Initial release
[20.10.2020] - Added reference [1] and [2]
[26.10.2020] - Added reference [3] and [4]

Contact

Zero Science Lab

Web: https://www.zeroscience.mk
e-mail: lab@zeroscience.mk