TVU Networks Customer Security Advisory – Classification: Public
Summary
A vulnerability has been discovered which could allow an unauthorized user to guess an unmodified default password for the TVU Receiver WebControl service.
Affected Scope
All TVU Receivers on which the default password for remote control of the system has not been changed.
Response
TVU Networks recommend the following actions.
TVU Receivers running the Linux operating system version 7.7 or later:
Customers are advised to review and, if necessary, change the default WebControl password of their receivers.
TVU Receivers running the Linux operating system version 7.6 or earlier:
Customers are advised to review and, if necessary, change the default WebControl passwords.
TVU Support to arrange an upgrade of your system at support@tvunetworks.com
All TVU Receivers that are based on the Microsoft Windows 7 operating system:
Note: The Microsoft Windows 7 Operating system has been unsupported since January 2020 and should be strongly considered for immediate replacement. Customers still running this OS should contact their local sales representative to discuss upgrade options.
Customers are advised to review and, if necessary, change the default WebControl passwords.
Customers exclusively using the Windows desktop UI should disable the “Enable Web Control” feature of the software.
© Copyright 2023 TVU Networks Corporation. All rights reserved in all media.
Document Part Number: TVU Networks Customer Security Advisory Rev A EN 02-2023