| शीर्षक | AV Stumpfl Pixera Two Media Server < 25.2 R3 Remote Code Execution |
|---|
| विवरण | An unauthenticated person with network access can obtain Remote Code Execution (RCE) by abusing the websocket API on the web server running on port 1338, which is open by default. This issue allows anyone on the network to take control of the Pixera media server, allowing them to run arbitrary commands, modify files, mine cryptocurrency, and pivot across connected networks.
---
Note: It appears Pixera's version format has changed over time. Previously, it used 2.0.XXX. Now it seems to use the year of release plus a minor version and revision number such as 25.2 R3.
---
Vulnerability reporting and patching has been performed in 2025. Pending CVE-ID for disclosure. |
|---|
| स्रोत | ⚠️ https://gist.github.com/TrebledJ/585a20525e45549f299d282233632608 |
|---|
| उपयोगकर्ता | trebledj (UID 94356) |
|---|
| सबमिशन | 14/04/2026 09:23 PM (2 महीनों पहले) |
|---|
| संयम | 02/05/2026 10:41 PM (18 days later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 360872 [AV Stumpfl Pixera Two Media Server तक 25.2 R2 Websocket API अधिकार वृद्धि] |
|---|
| अंक | 20 |
|---|