53387.rar

HTTP GET request with a malicious X-Forwarded-For header. Technical Analysis

The server fails to sanitize the X-Forwarded-For header before processing it. 53387.rar

Upgrade Uniguest Tripleplay to version 24.2.1 or later immediately. HTTP GET request with a malicious X-Forwarded-For header

Restrict access to management interfaces to trusted networks only. 53387.rar

The flaw stems from via improper handling of the X-Forwarded-For header in HTTP GET requests.

Uniguest Tripleplay (Signage and IPTV platform). Vulnerable Versions: All versions prior to 24.2.1.

Implement Web Application Firewall (WAF) rules to detect and block suspicious command injection patterns in HTTP headers.