SUMMARY
The following vulnerability were found in QVidium Technologies Amino A140.
CVE-2022-40021
Old versions of the QVidium Technologies Amino A140 set-top decoder contain a command injection vulnerability in the web management interface.
IMPACT
Access Vector:Local Network Exploitable
Access Complexity:Low
Authentication:Not required to exploit
Impact Type:Allows remote code execution, Allows disruption of service
Privilege Level:root
AFFECTED PRODUCTS
SOFTWARE FIXES
The QVidium Technologies Amino A140 is a now an unsupported product. More recent versions of the product with updated firmware can be found at https://www.qvidium.com/QVDEC.html.
If you are unable to obtain the latest officially supported product, it is recommended that you block access to the web management ports on the device.