CVE-2021-4465

Summary

ReQuest Serious Play F3 Media Server versions 7.0.3.4968 (Pro), 7.0.2.4954, 6.5.2.4954, 6.4.2.4681, 6.3.2.4203, and 2.0.1.823 contain a remote denial-of-service vulnerability. The device can be shut down or rebooted by an unauthenticated attacker through a single crafted HTTP GET request, allowing remote interruption of service availability.

Affected Software

VendorProductVersion RangeStatus
ReQuest Serious Play LLCReQuest Serious Play Pro7.0.3.4968affected
ReQuest Serious Play LLCReQuest Serious Play7.0.2.4954affected
ReQuest Serious Play LLCReQuest Serious Play6.5.2.4954affected
ReQuest Serious Play LLCReQuest Serious Play6.4.2.4681affected
ReQuest Serious Play LLCReQuest Serious Play6.3.2.4203affected
ReQuest Serious Play LLCReQuest Serious Play2.0.1.823affected

Weaknesses

  • CWE-400: CWE-400 Uncontrolled Resource Consumption

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: partial

Additional References

References