CVE-2019-15311
CRITICALZolo Halo Linkplay Firmware - Unauthenticated Remote Code Execution via /httpapi.asp Endpoint
Title source: llmDescription
An issue was discovered on Zolo Halo devices via the Linkplay firmware. There is Zolo Halo LAN remote code execution. The Zolo Halo Bluetooth speaker had a GoAhead web server listening on the port 80. The /httpapi.asp endpoint of the GoAhead web server was also vulnerable to multiple command execution vulnerabilities.
References (3)
Core 3
Core References
Third Party Advisory x_refsource_misc
https://labs.mwrinfosecurity.com/advisories/
Product x_refsource_misc
https://linkplay.com/featured-products/
Exploit, Third Party Advisory x_refsource_misc
https://labs.f-secure.com/advisories/linkplay-firmware-wanlan-remote-code-execution/
Scores
CVSS v3
9.8
EPSS
0.0762
EPSS Percentile
93.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-78
Status
published
Products (1)
linkplay/linkplay
Published
Jul 01, 2020
Tracked Since
Feb 18, 2026