CVE-2018-6546

CRITICAL

Plays.tv < 1.27.7.0 - Authentication Bypass

Description

plays_service.exe in the plays.tv service before 1.27.7.0, as distributed in AMD driver-installation packages and Gaming Evolved products, executes code at a user-defined (local or SMB) path as SYSTEM when the execute_installer parameter is used in an HTTP message. This occurs without properly authenticating the user.

Exploits (2)

exploitdb WORKING POC
by Securifera · python · local · windows
https://www.exploit-db.com/exploits/44476
nomisec WORKING POC 41 stars
by securifera · poc
https://github.com/securifera/CVE-2018-6546-Exploit

Scores

CVSS v3 9.8
EPSS 0.4279
EPSS Percentile 97.5%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE CWE-287
Status published
Products (1)
plays.tv/plays.tv < 1.27.7.0
Published Apr 13, 2018
Tracked Since Feb 18, 2026