Vulnerabilities > CVE-2021-27943 - Improper Restriction of Excessive Authentication Attempts vulnerability in Vizio E50X-E1 Firmware and P65-F1 Firmware

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

NONE

network

low complexity

vizio

CWE-307

NVD

Published: 2021-08-02

Updated: 2021-08-11

Summary

The pairing procedure used by the Vizio P65-F1 6.0.31.4-2 and E50x-E1 10.0.31.4-2 Smart TVs and mobile application is vulnerable to a brute-force attack (against only 10000 possibilities), allowing a threat actor to forcefully pair the device, leading to remote control of the TV settings and configurations.

Vulnerable Configurations

Part	Description	Count
OS	Vizio Vizio P65 F1 Firmware 6.0.31.4-2 Vizio E50X E1 Firmware 10.0.31.4-2	2
Hardware	Vizio Vizio P65 F1 - Vizio E50X E1 -	2

Common Weakness Enumeration (CWE)

CWE-307 - Improper Restriction of Excessive Authentication Attempts

References

https://www.vizio.com
https://www.l9group.com/advisories/vizio-tv-mobile-pairing-is-vulnerable-to-brute-force-attacks