CSRF Vulnerability in Grundig Smart Inter@ctive TV 3.0 Devices via Predictable ID Value

CVE-2018-13989 · HIGH Severity

CVSS v2 vector: AV:N/AC:M/Au:N/C:P/I:P/A:C

Grundig Smart Inter@ctive TV 3.0 devices allow CSRF attacks via a POST request to TCP port 8085 containing a predictable ID value, as demonstrated by a /sendrcpackage?keyid=-2544&keysymbol=-4081 request to shut off the device.
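One way to spot browser-initiated requests of this kind in network HTTP logs, as an added example that is not part of the advisory or any vendor tooling. The JSON-lines log layout, its field names, and the addresses are assumptions constructed for illustration; only the port, path and query string come from the description above.

```python
import json
from urllib.parse import urlsplit

TV_PORT = 8085              # port named in the advisory
RC_PATH = "/sendrcpackage"  # endpoint named in the advisory
RC_URI = RC_PATH + "?keyid=-2544&keysymbol=-4081"  # request quoted in the advisory

# Constructed sample records. Field names are hypothetical; 192.0.2.0/24 and
# example.net are documentation placeholders, not observed indicators.
_BASE = {"dst": "192.0.2.50", "dst_port": TV_PORT, "method": "POST", "uri": RC_URI}
SAMPLE_LOG = "\n".join(json.dumps(r) for r in [
    {**_BASE, "src": "192.0.2.10", "origin": "http://example.net"},
    {**_BASE, "src": "192.0.2.11", "origin": "http://192.0.2.50:8085"},
    {**_BASE, "src": "192.0.2.12"},                      # no Origin or Referer
    {**_BASE, "src": "192.0.2.13", "origin": "null"},    # opaque origin
    {**_BASE, "src": "192.0.2.14", "dst_port": 80, "method": "GET",
     "uri": "/index.html", "origin": "http://example.net"},
])

def classify(rec):
    """Return None for unrelated traffic, else 'cross-site', 'same-host' or 'no-origin'."""
    if rec.get("dst_port") != TV_PORT or rec.get("method") != "POST":
        return None
    if urlsplit(rec.get("uri", "")).path != RC_PATH:
        return None
    source = rec.get("origin") or rec.get("referer")
    if not source:
        return "no-origin"  # non-browser client; headers give no verdict
    # Origin "null" (sandboxed frame, redirect) has no hostname, so it is
    # treated as cross-site. Only the host is compared, not scheme or port.
    host = urlsplit(source).hostname
    return "same-host" if host == rec.get("dst") else "cross-site"

def find_cross_site(log_text):
    """Return (client, initiating origin) for cross-site remote-control POSTs."""
    hits = []
    for line in log_text.splitlines():
        rec = json.loads(line)
        if classify(rec) == "cross-site":
            hits.append((rec["src"], rec.get("origin") or rec.get("referer")))
    return hits

if __name__ == "__main__":
    for client, origin in find_cross_site(SAMPLE_LOG):
        print(f"{client} sent a remote-control POST initiated by {origin}")
```
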
