VYPR

firmware

by Linkplay

CVEs (2)

  • CVE-2019-15311CriJul 1, 2020
    risk 0.64cvss 9.8epss 0.08

    An issue was discovered on Zolo Halo devices via the Linkplay firmware. There is Zolo Halo LAN remote code execution. The Zolo Halo Bluetooth speaker had a GoAhead web server listening on the port 80. The /httpapi.asp endpoint of the GoAhead web server was also vulnerable to…

  • CVE-2019-15312HigJul 1, 2020
    risk 0.57cvss 8.8epss 0.03

    An issue was discovered on Zolo Halo devices via the Linkplay firmware. There is a Zolo Halo DNS rebinding attack. The device was found to be vulnerable to DNS rebinding. Combined with one of the many /httpapi.asp endpoint command-execution security issues, the DNS rebinding…