Vulnerabilities in Internet Radio auna IR-160 SE (UIProto)

Read Time:25 Second

Posted by naphthalin via Fulldisclosure on Sep 04

The internet radio device auna IR-160 SE has multiple vulnerabilities.
It uses the firmware UIProto, different versions of which can also be
found in many other radios.

1. The firmware offers a rudimentary web API that can be reached on the
local network on port 80. This API is completely unauthenticated,
allowing anyone to control the radio over the local network. (already
known as CVE-2019-13474, but relevant for the other two findings)…

USN-7469-2: Apache Tomcat vulnerability

USN-7469-1 fixed a vulnerability in Apache Traffic Server. This update provides the corresponding updates for Apache Tomcat. Original advisory details:...

April 28, 2025

USN-7469-1: Apache Traffic Server vulnerability

It was discovered that Apache Traffic Server exhibited poor server resource management in its HTTP/2 protocol. An attacker could possibly...

April 28, 2025

USN-7468-1: Linux kernel (Azure, N-Series) vulnerabilities

Michael Randrianantenaina discovered that the Bluetooth driver in the Linux Kernel contained an improper access control vulnerability. A nearby attacker...

April 28, 2025