53387.rar

Uniguest Tripleplay (Signage and IPTV platform). Vulnerable Versions: All versions prior to 24.2.1.

The server fails to sanitize the X-Forwarded-For header before processing it.

Unauthenticated Remote Code Execution (RCE).

Restrict access to management interfaces to trusted networks only.

The "53387.rar" archive typically contains a proof-of-concept (PoC) or exploit script (often seen on platforms like Exploit-DB) that demonstrates the following:

The flaw stems from improper handling of the X-Forwarded-For header in HTTP GET requests.

Upgrade Uniguest Tripleplay to version 24.2.1 or later immediately.
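
Until the upgrade is in place, a reverse proxy or log review can enforce the check the server omits. The following is an added example (not code from the vendor or from the archive described above) that accepts an X-Forwarded-For value only when every element is a bare IP literal and flags requests that fail. The log format, the limits and the sample lines are constructed assumptions.

```python
import ipaddress
import re

MAX_XFF_LEN = 256   # assumed cap; legitimate proxy chains are short
MAX_HOPS = 10       # assumed cap on the number of proxy hops
# Recent Python versions accept an IPv6 zone suffix ("%...") holding free-form
# text, so restrict the alphabet before handing the element to ipaddress.
ADDR_CHARS = re.compile(r"[0-9A-Fa-f:.]+")
# Assumed log format: client IP, quoted request, status, quoted XFF value.
LINE_RE = re.compile(r'^(\S+) "([^"]*)" (\d{3}) "([^"]*)"$')

# Constructed sample lines (documentation address ranges, placeholder path).
SAMPLE_LOG = [
    '198.51.100.4 "GET /index HTTP/1.1" 200 "203.0.113.7"',
    '198.51.100.9 "GET /index HTTP/1.1" 200 "203.0.113.7, 2001:db8::1"',
    '198.51.100.23 "GET /index HTTP/1.1" 200 "constructed-non-address-value"',
    '198.51.100.23 "GET /index HTTP/1.1" 200 "::1%constructed-zone-text"',
]

def parse_xff(value):
    """Return the addresses in an X-Forwarded-For value, or raise ValueError
    if any element is not a bare IPv4/IPv6 literal."""
    if len(value) > MAX_XFF_LEN:
        raise ValueError("header too long")
    hops = [h.strip() for h in value.split(",")]
    if len(hops) > MAX_HOPS:
        raise ValueError("too many hops")
    for hop in hops:
        if not ADDR_CHARS.fullmatch(hop):   # also rejects empty elements
            raise ValueError("non-address characters in element")
    # ip_address() rejects hostnames, ports and malformed literals.
    return [ipaddress.ip_address(h) for h in hops]

def audit(lines):
    """Return (client, reason) for each request whose XFF value is not clean."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            findings.append(("?", "unparseable log line"))
            continue
        try:
            parse_xff(m.group(4))
        except ValueError as exc:
            findings.append((m.group(1), str(exc)))
    return findings

if __name__ == "__main__":
    for client, reason in audit(SAMPLE_LOG):
        print(f"review request from {client}: {reason}")
```

At a proxy, a value that fails `parse_xff` would be dropped or overwritten with the real peer address before the request is forwarded.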