CVE-2020-21405

7.5 HIGH

📋 TL;DR

This vulnerability in H96 Smart TV Box H96 Pro Plus allows attackers to corrupt files by exploiting the saveDeepColorAttr service. Attackers can potentially disrupt device functionality or cause denial of service. Users of affected H96 TV boxes are at risk.

💻 Affected Systems

Products:
  • H96 Smart TV Box H96 Pro Plus
Versions: All versions prior to patch (specific version unknown)
Operating Systems: Android-based TV OS
Default Config Vulnerable: ⚠️ Yes
Notes: Affects devices with the vulnerable saveDeepColorAttr service enabled by default.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system corruption rendering the TV box unusable, requiring hardware replacement.

🟠 Likely Case: File corruption causing application crashes, loss of settings, or partial functionality loss.

🟢 If Mitigated: Limited impact if device is isolated from untrusted networks and services are restricted.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires network access to the device and knowledge of the vulnerable service endpoint.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: No

Instructions:

No official patch available. Check manufacturer website for firmware updates.

🔧 Temporary Workarounds

Disable vulnerable service (all)

Disable or block access to the saveDeepColorAttr service through device settings, if possible.

Network isolation (all)

Place the TV box on an isolated network segment with no internet access and no access from untrusted networks.

🧯 If You Can't Patch

  • Disconnect the device from the internet and untrusted networks
  • Monitor for unusual device behavior or crashes

🔍 How to Verify

Check if Vulnerable:

Check whether the device responds to calls to the saveDeepColorAttr service endpoint. Review device logs for service access attempts.

Check Version:

Check firmware version in device settings: Settings > About > Build number

Verify Fix Applied:

Test whether the saveDeepColorAttr service is still accessible or still causes file corruption.

📡 Detection & Monitoring

Log Indicators:

  • Unusual access to saveDeepColorAttr service
  • File corruption errors
  • Service crashes

Network Indicators:

  • Network traffic to TV box on unusual ports
  • Requests to saveDeepColorAttr endpoint

SIEM Query:

source="tvbox" AND (event="saveDeepColorAttr" OR error="file_corruption")
