CVE-2021-4465 PUBLISHED

ReQuest Serious Play F3 Media Server versions 7.0.3.4968 (Pro), 7.0.2.4954, 6.5.2.4954, 6.4.2.4681, 6.3.2.4203, and 2.0.1.823 contain a remote denial-of-service vulnerability. The device can be shut down or rebooted by an unauthenticated attacker through a single crafted HTTP GET request, allowing remote interruption of service availability.

• Gjoko Krstic of Zero Science Lab finder

• https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5601.php
• https://www.exploit-db.com/exploits/48951
• https://packetstorm.news/files/id/159602
• https://cxsecurity.com/issue/WLB-2020100122
• https://exchange.xforce.ibmcloud.com/vulnerabilities/190031
• http://www.request.com/
• https://www.vulncheck.com/advisories/request-serious-play-f3-media-server-remote-dos

• CWE-400 Uncontrolled Resource Consumption CWE

• CAPEC-227 Sustained Client Engagement