Security researchers at Check Point discovered multiple flaws in a popular IPTV middleware platform that is used by regional and international media streaming services.
Ministra TV platform is a middleware platform for media streaming services which manages Internet Protocol Television (IPTV), Over-theTop (OTT) and Video-on Demand (VoD).
The vulnerability is located in the administrative panel of the Ministra TV platform; if an attacker were to gain unauthorised access to the platform, they could expose the provider’s customer base’s financial details or even replace content sent to the service provider’s customers.
Check Point Research identified that 1,000 service providers have bought the Ministra and provide it to their customers. While it remains unknown as to how many customers have been affected, it is estimated that the number of those exposed could be very high.
“The authentication mechanism was bypassed and the admin AJAX API functions had been utilised, which in turn lead to the “SQL Injection chained to PHP object Injection vulnerabilities, effectively allowing us [researchers] to remotely execute code on the server”.
Check Point reported the vulnerability over a year ago, since which time a patch was released to fix it.
“Due to some resellers likely not to have patched their service, and therefore are still at risk of attack, we advise customers to contact their TV streaming service provider to ensure they have implemented the protection against this Ministra vulnerability.”
Join our free-to-attend digital event, Last Thursday in Privacy, addressing data protection, privacy and security challenges including working from home, COVID-19, global regulations and more. Visit https://digital.privsec.info/.
We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.