CVE-2024-50395

CVE Info

An authorization bypass through user-controlled key vulnerability has been reported to affect Media Streaming add-on. If exploited, the vulnerability could allow local network attackers to gain privilege.

We have already fixed the vulnerability in the following version:

Media Streaming add-on 500.1.1.6 (2024/08/02) and later

PoC

[GIF]

Root Cause

GET Method Authorization Bypass

The function `FUN_001293f0` (the name Ghidra assigns it), which may be called `ParseHttpHeaders` in the original source code, parses the HTTP header data from client requests. It also parses the "User-Agent" header and reads its value.

```c
/* Header line begins with "User-Agent" (case-insensitive, first 10 bytes only) */
iVar4 = strncasecmp((char *)__s,"User-Agent",10);
if (iVar4 == 0) {
  /* Neither "Twonky" nor "twonky" appears anywhere in the line */
  pcVar6 = strstr((char *)__s,"Twonky");
  if ((pcVar6 == (char *)0x0) &&
     (pcVar6 = strstr((char *)__s,"twonky"), pcVar6 == (char *)0x0)) {
    if (((local_138 == g_DefaultClientTypeId) && (uVar5 == 0)) ||
       (lVar14 = strstrc(__s,"AppleCoreMedia",0xd), puVar9 = local_120, lVar14 != 0)) {
      ppuVar10 = __ctype_b_loc();
      /* Advance one byte, then skip whitespace (0x20 in the high byte is glibc's _ISspace) */
      do {
        puVar9 = puVar9 + 1;
      } while ((*(byte *)((long)*ppuVar10 + (long)(char)*puVar9 * 2 + 1) & 0x20) != 0);
      lVar11 = 0;
      /* Walk the client_type_patterns table and match each pattern against the value */
      pcVar6 = *(char **)(client_type_patterns + 8);
      lVar14 = client_type_patterns;
      lVar18 = client_type_patterns;
      while (pcVar6 != (char *)0x0) {
        if (*(int *)(lVar14 + 0x10) == 1) {
          if (*(int *)(lVar14 + 0x14) == 0) {
            lVar14 = strstrc(puVar9,pcVar6,0xd);
            …
```