The Barix Streaming Client is a product that “can deliver high quality branded audio in real time via the internet or a local network to an unlimited number of locations and gives the option for localized and targeted ad insertion too, all via live streaming.”
It uses a web interface for device management. By default it does not require authentication, and it does not appear to allow you to set a user account, only a password. Version B3.14 was tested and found to have additional problems!
Unauthenticated access –
You can manipulate streaming settings and change the audio the person hears –
Under Configuration -> Advanced Settings, the ‘User Agent’ field is not sanitized. Inserting script code triggers a POST request to /setup.cgi that updates the ‘S517’ parameter, allowing stored cross-site scripting (CVE-2015-78000) that renders on uifadvanced.html –
It also renders on /ixstatus.html –
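To illustrate the stored XSS described above from the fixing side, here is an added example that is not part of the original post and not the Barix firmware's code: a hypothetical model of a configuration page that interpolates the stored ‘User Agent’ (S517) value into its HTML, shown unescaped beside the hardened version, plus an input-side allow-list check a device vendor could apply before storing the value.

```python
import html
import re

# Hypothetical page fragment standing in for how uifadvanced.html / ixstatus.html
# might echo the stored value back; constructed for this example only.
TEMPLATE = '<tr><td>User Agent</td><td><input name="S517" value="{value}"></td></tr>'

# Constructed test input: a value that closes the attribute and injects a script tag.
INJECTED = '"><script>alert(1)</script>'


def render_vulnerable(user_agent: str) -> str:
    """Interpolates the stored value directly (no output encoding): the bug class
    on the page. Any '"' or '<' in the value escapes the attribute and becomes markup."""
    return TEMPLATE.format(value=user_agent)


def render_hardened(user_agent: str) -> str:
    """Same template, but the value is HTML-escaped (including quotes) so it can
    never leave the attribute context, whatever was stored via /setup.cgi."""
    return TEMPLATE.format(value=html.escape(user_agent, quote=True))


def is_valid_user_agent(user_agent: str) -> bool:
    """Input-side allow-list: a User-Agent string is product tokens, versions and
    comments, so printable ASCII without markup characters is plenty. Rejecting
    anything else at /setup.cgi stops the payload from being stored at all."""
    return bool(re.fullmatch(r"[A-Za-z0-9 ./();:,+_-]{1,128}", user_agent))


def script_tag_live(rendered_html: str) -> bool:
    """Check used below: does a raw <script> element survive in the rendered page?"""
    return "<script>" in rendered_html


if __name__ == "__main__":
    print("vulnerable render executes script:", script_tag_live(render_vulnerable(INJECTED)))
    print("hardened render executes script:  ", script_tag_live(render_hardened(INJECTED)))
    print("input accepted by allow-list:      ", is_valid_user_agent(INJECTED))
```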
The security settings that allow for a password –
You can also manually reboot the device or create a script that will continually reboot it –