Some models have different open port for webserver with root fs (7983) #1
Comments
Confirmed vulnerability not just from localhost but also from LAN. Discovered SQLite db of supported TV models of the FW. Whopping 235 models of TVs are probably affected, branded TCL, Thomson and others: ClientType ModelName
Thanks I have forwarded to VP of TCL USA & Engineering team as the Security team hasn't been invented yet.
Closing out since this was fixed, see https://www.tcl.com/global/en/news/alert-vulnerabilities-found-in-tcl-android-tvs.html
Related to https://github.com/sickcodes/security/blob/master/advisories/SICK-2020-009.md / CVE-2020-27403
Tested on TCL U43P6064 with Android 8.0 (version 501 or something like that, cannot find the exact version on the TV anymore). Installed F-Droid on the TV and NetworkMapper (nmap) and scanned all ports on localhost (127.0.0.1). Several open ports, and port 7983 contained the same HTTP server with the entire fs available for free. Any app could access anything this way, bypassing all security.
Not bound to the Wi-Fi IP address, however; perhaps already fixed remotely by TCL. Localhost binding still present and several other services available via localhost as well: in particular, nmap found these open ports bound to 127.0.0.1, with 7983/tcp (http) containing the webserver with the filesystem.
Open TCP ports found via nmap:
Some data returned but fingerprint not detected by nmap:
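The report above turns on one question: which address is each listening service bound to? A service on 127.0.0.1 is unreachable from the LAN but still reachable by every app on the TV, which is how the sandbox was bypassed; a service on 0.0.0.0 or a wlan address is reachable from the network as well. The following checker is an added example, not code from the issue, the advisory or TCL: it parses netstat-style listener lines (an assumed `netstat -tln` layout, with constructed sample lines and sample ports other than 7983 chosen for illustration) and classifies each port by who can reach it.

```python
import ipaddress
import re
from typing import Dict, List, Set, Tuple

# Constructed sample in the layout of `netstat -tln` output (assumption: the
# tool on the device prints this format). Port 7983 is the HTTP server from the
# report; 5555, 8080 and the 192.168.1.20 address are illustrative filler.
SAMPLE_NETSTAT = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:7983          0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:5555          0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.20:7983       0.0.0.0:*               LISTEN
tcp6       0      0 :::8080                 :::*                    LISTEN
tcp        0      0 127.0.0.1:7983          127.0.0.1:50000         ESTABLISHED
"""

# Only LISTEN rows matter; established connections are skipped.
LISTEN_RE = re.compile(r"^(tcp6?)\s+\d+\s+\d+\s+(\S+)\s+\S+\s+LISTEN\s*$")

DEVICE_LOCAL = "device-local"        # loopback: any app on the TV can connect
LAN_EXPOSED = "lan-exposed"          # wildcard: every interface, LAN included
INTERFACE_BOUND = "interface-bound"  # one specific (non-loopback) address


def classify(host: str) -> str:
    """Map a bind address to the audience that can reach the socket."""
    addr = ipaddress.ip_address(host)
    if addr.is_loopback:
        return DEVICE_LOCAL
    if addr.is_unspecified:
        return LAN_EXPOSED
    return INTERFACE_BOUND


def parse_listeners(text: str) -> List[Tuple[int, str]]:
    """Return (port, exposure) for each LISTEN row in netstat-style text."""
    found = []
    for line in text.splitlines():
        m = LISTEN_RE.match(line)
        if not m:
            continue
        # rpartition handles both "127.0.0.1:7983" and IPv6 ":::8080".
        host, _, port = m.group(2).rpartition(":")
        found.append((int(port), classify(host)))
    return found


def exposure_by_port(text: str) -> Dict[int, Set[str]]:
    """Group exposures per port; a port may have several bound sockets."""
    table: Dict[int, Set[str]] = {}
    for port, exposure in parse_listeners(text):
        table.setdefault(port, set()).add(exposure)
    return table


def reachable_beyond_device(text: str) -> List[int]:
    """Ports that some host other than the TV itself could connect to."""
    return sorted(
        port for port, exposures in exposure_by_port(text).items()
        if exposures - {DEVICE_LOCAL}
    )


if __name__ == "__main__":
    for port, exposures in sorted(exposure_by_port(SAMPLE_NETSTAT).items()):
        print(f"{port}/tcp: {', '.join(sorted(exposures))}")
    print("reachable from LAN:", reachable_beyond_device(SAMPLE_NETSTAT))
```

Run it against real `netstat -tln` output from the device to see which services only other apps can reach and which the whole network can; the report's finding is that even the device-local class is a problem when the service hands out the root filesystem.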