CVE-2021-4465
📋 TL;DR
This vulnerability allows unauthenticated remote attackers to cause denial-of-service by sending a single crafted HTTP GET request to ReQuest Serious Play F3 Media Server, which can shut down or reboot the device. Affected systems include multiple versions of the F3 Media Server software.
💻 Affected Systems
- ReQuest Serious Play F3 Media Server
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete service disruption with device shutdown/reboot, potentially causing extended downtime and data loss if unsaved content is affected.
Likely Case
Service interruption leading to media streaming disruption and temporary unavailability of the media server.
If Mitigated
Limited impact if server is behind proper network segmentation and access controls.
🎯 Exploit Status
Exploit code is publicly available on Exploit-DB and Packet Storm. Single HTTP request required, making exploitation trivial.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: http://www.request.com/
Instructions:
No official patch available. Check vendor website for updates and consider upgrading to latest version if available.
🔧 Temporary Workarounds
Network Segmentation
allRestrict access to the media server's HTTP service to trusted networks only.
Firewall Rules
allImplement firewall rules to block external access to the media server's HTTP port (typically 80/443).
🧯 If You Can't Patch
- Implement strict network access controls to limit who can reach the media server
- Monitor for suspicious HTTP requests and implement rate limiting if possible
🔍 How to Verify
Check if Vulnerable:
Check if running affected version. Test with known exploit payload if in controlled environment.Check Version:
Check web interface or system settings for version information. Command varies by platform.Verify Fix Applied:
Verify version is updated beyond affected versions. Test with exploit payload in safe environment.📡 Detection & Monitoring
Log Indicators:
- Unusual HTTP GET requests to media server
- Server shutdown/reboot events
- Connection spikes from single IP
Network Indicators:
- Single HTTP GET request causing server response failure
- Unusual traffic patterns to media server port
SIEM Query:
source_ip="*" AND dest_port="80" OR dest_port="443" AND http_method="GET" AND user_agent="*" AND response_code="500" OR response_code="503"🔗 References
- http://www.request.com/
- https://cxsecurity.com/issue/WLB-2020100122
- https://exchange.xforce.ibmcloud.com/vulnerabilities/190031
- https://packetstorm.news/files/id/159602
- https://www.exploit-db.com/exploits/48951
- https://www.vulncheck.com/advisories/request-serious-play-f3-media-server-remote-dos
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5601.php
- https://cxsecurity.com/issue/WLB-2020100122
- https://www.exploit-db.com/exploits/48951
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5601.php
