Full title: MVPower DVR TV-7104HE 1.8.4 115215B9 Shell Unauthenticated Command Execution Exploit 
Category: remote exploits
Platform: hardware
This Metasploit module exploits an unauthenticated remote command execution vulnerability in MVPower digital video recorders. The 'shell' file on the web interface executes arbitrary operating system commands in the query string. This Metasploit module was tested successfully on a MVPower model TV-7104HE with firmware version 1.8.4 115215B9 (Build 2014/11/17). The TV-7108HE model is also reportedly affected, but untested.

# 0day.today @ http://0day.today/