CVE-2022-36246

9.8 CRITICAL

📋 TL;DR

Shop Beat Media Player versions 2.5.95 through 3.2.57 have insecure permissions that allow unauthorized access to sensitive functionality or data. This affects all users running these vulnerable versions of the software.

💻 Affected Systems

Products:
  • Shop Beat Media Player
Versions: 2.5.95 to 3.2.57
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: All installations within the affected version range are vulnerable by default.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise allowing attackers to execute arbitrary code, access sensitive data, or take full control of affected systems.

🟠 Likely Case

Unauthorized access to application data, configuration files, or user information stored by the media player.

🟢 If Mitigated

Limited impact with proper network segmentation, least privilege principles, and security controls in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Insecure permissions vulnerabilities typically require minimal technical skill to exploit once the vulnerability is understood.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version 3.2.58 or later

Vendor Advisory: https://www.shopbeat.co.za

Restart Required: Yes

Instructions:

1. Download latest version from shopbeat.co.za
2. Uninstall current version
3. Install updated version
4. Restart system

🔧 Temporary Workarounds

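Restrict Application Permissions (Windows)

Manually adjust file and directory permissions to restrict access to Shop Beat Media Player files. An explicit deny of full control for Everyone takes precedence over allow entries and also applies to administrators and to the account the player runs under, so the player itself cannot read its files while the entry is in place.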

icacls "C:\Program Files\Shop Beat Media Player" /deny Everyone:(OI)(CI)F
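
To see which broad groups currently hold write-class access before changing any permissions, an audit along these lines can be run first. This is an added example, not code from the vendor or the original page; it assumes the install path used in the icacls command above, and the helper name Get-BroadWriteAce is hypothetical.

```powershell
# Added example (not vendor code): list allow ACEs that give broad groups
# write-class access under the media player's install directory.
# Assumption: install path taken from the icacls workaround above.
param([string]$Path = 'C:\Program Files\Shop Beat Media Player')

# Well-known SIDs, so matching does not depend on the OS display language.
$BroadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
}

# Rights that allow changing files or the ACL itself.
$named = [int][System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
# GENERIC_ALL and GENERIC_WRITE show up as raw bits on inherit-only entries.
$WriteMask = $named -bor 0x10000000 -bor 0x40000000

function Get-BroadWriteAce {   # hypothetical helper name
    param([string]$Target, [bool]$IncludeInherited)
    $acl     = Get-Acl -LiteralPath $Target
    $sidType = [System.Security.Principal.SecurityIdentifier]
    foreach ($ace in $acl.GetAccessRules($true, $IncludeInherited, $sidType)) {
        $sid = $ace.IdentityReference.Value
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if (-not $BroadSids.ContainsKey($sid))  { continue }
        if (([int]$ace.FileSystemRights -band $WriteMask) -eq 0) { continue }
        [pscustomobject]@{
            Path      = $Target
            Principal = $BroadSids[$sid]
            Rights    = $ace.FileSystemRights
            Inherited = $ace.IsInherited
        }
    }
}

# Root: report every matching ACE. Children: explicit ACEs only, because
# inherited ones are already reported at the level where they are set.
$items = @(Get-Item -LiteralPath $Path) +
         @(Get-ChildItem -LiteralPath $Path -Recurse -Force -ErrorAction SilentlyContinue)
$first = $true
$findings = foreach ($item in $items) {
    Get-BroadWriteAce -Target $item.FullName -IncludeInherited $first
    $first = $false
}
$findings | Format-Table -AutoSize
"{0} write-capable ACE(s) for broad groups" -f @($findings).Count
```

A count of zero means none of the three listed groups has write, delete or permission-change rights on the directory tree; any rows returned show where such access is granted.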

🧯 If You Can't Patch

  • Remove Shop Beat Media Player from internet-facing systems
  • Implement network segmentation to isolate affected systems

🔍 How to Verify

Check if Vulnerable:

Check Help > About in Shop Beat Media Player to see if version is between 2.5.95 and 3.2.57

Check Version:

Not applicable - check via application GUI

Verify Fix Applied:

Verify version is 3.2.58 or higher in Help > About menu

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized access attempts to Shop Beat Media Player directories
  • Permission modification events

Network Indicators:

  • Unusual network traffic to/from media player application

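SIEM Query (Event ID 4663 is only logged when File System object-access auditing is enabled and an audit entry (SACL) is set on the directory):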

EventID=4663 AND ObjectName LIKE '%Shop Beat Media Player%'
