Primary

Context

Uniguest Tripleplay Unauthenticated Remote Code Execution Vulnerability

Vulnerability

Patched

A remote code execution vulnerability has been identified in Uniguest Tripleplay versions prior to 24.2.1. This vulnerability allows remote attackers to execute arbitrary code by sending a specially crafted HTTP POST request. The issue arises from inadequate input validation and insufficient sanitization of user-supplied data.

Impact

Exploitation of this vulnerability allows for unauthenticated remote code execution on the affected server.

Remediation

Users are advised to upgrade to Tripleplay versions 24.2.1, 24.1.2, or a later release that includes the fix for this vulnerability. All remediation options require package installation by a trained Uniguest Support Engineer or Technical Services Engineer. Please contact your technical account representative or email support@tripleplay.tv to arrange an upgrade.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

7.5

exploitability

7.8

remediation

7.7

relevance

0.0

threat

0.1

urgency

2.9

incentive

10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

7.5

exploitability

7.8

remediation

7.7

relevance

0.0

threat

0.1

urgency

2.9

incentive

10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Uniguest Tripleplay Unauthenticated Remote Code Execution Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Uniguest Tripleplay

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating