CVE-2018-6546

CRITICAL

plays.tv < 1.27.7.0 - Unauthenticated Remote Code Execution via execute_installer Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2018-6546. PoCs published by Securifera, securifera.

AI-analyzed exploit summary This exploit targets a vulnerability in the Raptr, Inc Plays TV Service on Windows, allowing arbitrary file execution with SYSTEM privileges. It leverages an exposed HTTP endpoint to execute commands via a crafted request with a hardcoded secret key.

Description

plays_service.exe in the plays.tv service before 1.27.7.0, as distributed in AMD driver-installation packages and Gaming Evolved products, executes code at a user-defined (local or SMB) path as SYSTEM when the execute_installer parameter is used in an HTTP message. This occurs without properly authenticating the user.

Exploits (2)

exploitdb WORKING POC
by Securifera · pythonlocalwindows
https://www.exploit-db.com/exploits/44476

This exploit targets a vulnerability in the Raptr, Inc Plays TV Service on Windows, allowing arbitrary file execution with SYSTEM privileges. It leverages an exposed HTTP endpoint to execute commands via a crafted request with a hardcoded secret key.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Raptr, Inc Plays TV Service (CVE-2018-6546)
No auth needed
Prerequisites: Target must have Raptr, Inc Plays TV Service installed and running · Service must be accessible on the specified port
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC 41 stars
by securifera · poc
https://github.com/securifera/CVE-2018-6546-Exploit

This is a functional PoC exploit for CVE-2018-6546, targeting the Plays.tv service (plays_service.exe) version 1.27.5.0 and prior. It leverages an arbitrary file execution vulnerability by sending a crafted request to the service's ephemeral port, allowing local or remote code execution with SYSTEM privileges.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Plays.tv service (plays_service.exe) version 1.27.5.0 and prior
No auth needed
Prerequisites: Target must have Plays.tv service installed and running · Attacker must know the ephemeral port or use the default (50452) · Network access to the target service
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/44476/
Third Party Advisory x_refsource_misc
https://www.securifera.com/advisories/CVE-2018-6546/

Scores

CVSS v3 9.8
EPSS 0.1831
EPSS Percentile 96.9%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-287
Status published
Products (1)
plays.tv/plays.tv < 1.27.7.0
Published Apr 13, 2018
Tracked Since Feb 18, 2026