Login Sign Up

CVE-2019-15310

9.8 CRITICAL
Remote Code Execution

📋 TL;DR

This vulnerability allows remote attackers to execute arbitrary code on Linkplay devices without user interaction. Attackers can retrieve AWS keys from firmware to control Linkplay's AWS infrastructure and combine this with command injection in the firmware update process. All devices with automatic updates enabled are affected.

💻 Affected Systems

Products:
  • Various Linkplay firmware devices
Versions: All versions prior to patched firmware
Operating Systems: Linkplay firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Devices with automatic updates enabled are most vulnerable. Specific device models not fully enumerated in public disclosures.

📦 What is this software?

Linkplay by Linkplay

View all CVEs affecting Linkplay →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of Linkplay's AWS estate including S3 buckets, plus remote code execution on all vulnerable devices, potentially creating a botnet or persistent backdoor.

🟠

Likely Case

Remote code execution on vulnerable devices leading to device compromise, data theft, and potential lateral movement in networks.

🟢

If Mitigated

Limited impact if devices are isolated from internet and automatic updates are disabled.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires combining multiple vulnerabilities: AWS key extraction and XML parsing command injection.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown specific version - check with vendor

Vendor Advisory: https://linkplay.com/

Restart Required: Yes

Instructions:

1. Contact Linkplay for patched firmware. 2. Download updated firmware. 3. Apply firmware update to all affected devices. 4. Verify update completion and device functionality.

🔧 Temporary Workarounds

Disable Automatic Updates

all

Prevent devices from automatically downloading and installing potentially malicious firmware updates

Network Segmentation

all

Isolate Linkplay devices from internet and critical network segments

🧯 If You Can't Patch

  • Segment devices on isolated VLAN with no internet access
  • Implement strict firewall rules blocking all inbound connections to devices

🔍 How to Verify

Check if Vulnerable:

Check device firmware version against vendor's patched version list. Monitor for unexpected firmware update attempts.

Check Version:

Device-specific - consult manufacturer documentation

Verify Fix Applied:

Verify firmware version matches patched version from vendor. Test that automatic updates can be disabled.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected firmware update processes
  • XML parsing errors in device logs
  • Unauthorized AWS API calls from device IPs

Network Indicators:

  • Unusual outbound connections to AWS services
  • Firmware download attempts from unexpected sources
  • XML payloads in update traffic

SIEM Query:

source="linkplay-device" AND (event="firmware_update" OR event="xml_parse_error")

📊 Metadata

CVE ID: CVE-2019-15310
CVSS v3 Score: 9.8 (CRITICAL)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-78
Published: July 1, 2020
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2019-15310, you might also want to check these:

CVE-2023-2564 10.0

This CVE describes an OS command injection vulnerability in scanservjs web scanning software that al...

Same vulnerability type (CWE-78)
CVE-2024-58338 10.0

Anevia Flamingo XL 3.2.9 contains a restricted shell escape vulnerability that allows remote attacke...

Same vulnerability type (CWE-78)
CVE-2025-26389 10.0

This critical vulnerability allows unauthenticated remote attackers to execute arbitrary code with r...

Same vulnerability type (CWE-78)