We’ve been spending some time playing around with XBMC as this platform is starting to get quite popular.
We found a way to gain shell on xbmcbuntu and raspbmc devices reliably. The out-of-the-box configuration of these devices is part of the attack. We’re currently working on finding a way to do the attack with XBMC installed on any platform.
The vulnerability pre-requisites are:
- xbmcbuntu or raspbmc
- Allow control of XBMC via HTTP with default credentials (enabled to control XBMC with their phone remote – often used.)