ReQuest Serious Play F3 Media Server Remote Denial-of-Service Vulnerability
Vulnerability
A remote denial-of-service vulnerability has been identified in ReQuest Serious Play F3 Media Server versions 7.0.3.4968 (Pro), 7.0.2.4954, 6.5.2.4954, 6.4.2.4681, 6.3.2.4203, and 2.0.1.823. This vulnerability allows an unauthenticated attacker to shut down or reboot the device by sending a single crafted HTTP GET request, thereby interrupting service availability.
Impact
Exploitation of this vulnerability leads to a remote denial-of-service condition, causing the media server to shut down or reboot.
Reproduction
The vulnerability can be reproduced by sending an HTTP GET request to the '/remote/index.php' endpoint with the 'cmd' parameter set to 'poweroff' or 'reboot'. This can be done using a tool like cURL.
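A defender-side check for the request described above, as an added example that is not part of the original advisory: it scans web access logs for GET requests to '/remote/index.php' carrying 'cmd=poweroff' or 'cmd=reboot'. It assumes a proxy or network sensor in front of the device writes Common/Combined Log Format; the function name and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Assumption: Common/Combined Log Format written by a proxy or sensor in
# front of the media server.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
ENDPOINT = "/remote/index.php"       # endpoint named in the advisory
POWER_CMDS = {"poweroff", "reboot"}  # 'cmd' values named in the advisory

# Constructed sample lines (documentation address ranges, made-up timestamps).
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Mar/2024:10:01:02 +0000] "GET /remote/index.php?cmd=example HTTP/1.1" 200 512',
    '198.51.100.7 - - [12/Mar/2024:10:05:40 +0000] "GET /remote/index.php?cmd=poweroff HTTP/1.1" 200 0',
    '198.51.100.7 - - [12/Mar/2024:10:09:13 +0000] "GET /remote//index.php?x=1&cmd=%72eboot HTTP/1.1" 200 0',
    '192.0.2.10 - - [12/Mar/2024:10:11:00 +0000] "GET /index.php?cmd=reboot HTTP/1.1" 404 153',
]

def find_power_requests(lines):
    """Return (source, timestamp, cmd, status) for each power-control request."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "GET":
            continue
        url = urlsplit(m["target"])
        # Decode percent-escapes, collapse repeated slashes and ignore case so
        # trivially re-encoded variants of the path are still matched.
        path = re.sub(r"/+", "/", unquote(url.path)).lower()
        if path != ENDPOINT:
            continue
        # parse_qs percent-decodes values and keeps repeated 'cmd' parameters.
        for value in parse_qs(url.query).get("cmd", []):
            cmd = value.strip().lower()
            if cmd in POWER_CMDS:
                hits.append((m["src"], m["ts"], cmd, int(m["status"])))
    return hits

if __name__ == "__main__":
    for src, ts, cmd, status in find_power_requests(SAMPLE_LOG):
        print(f"{ts} {src} requested cmd={cmd} (HTTP {status})")
```

Because the advisory states the request needs no authentication, a hit from any source that is not an expected controller is worth correlating with device downtime.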
