Smart TVs selling under SUPRA brand-name have been found vulnerable to an unpatched remote file inclusion vulnerability that could allow WiFi attackers to broadcast fake videos to the television screen without any authentication with the television.
SUPRA is a lesser-known Russia electronics brand on the Internet that manufactures several affordable audio-video equipments, household appliances and car electronics, most of which are being distributed through Russian, Chinese, Russian and UAE-based e-commerce websites.
Discovered by Dhiraj Mishra and shared with The Hacker News, the vulnerability (CVE-2019-12477) resides in the “openLiveURL” function of the Supra Smart Cloud TV due to lack of authentication or session management.
Source: HackerNews