CVE-2026-7703
Code Injection in AV Stumpfl Pixera Two Media Server
Publication date: 2026-05-03
Last updated on: 2026-05-05
Assigner: VulDB
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| av_stumpfl | pixera_two_media_server | up to and including 25.2 R2 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-94 | The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. |
| CWE-74 | The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects AV Stumpfl Pixera Two Media Server up to version 25.2 R2, in an unknown function of the WebSocket API component. It allows remote code injection: an attacker can insert and execute malicious code on the affected system without physical access.
How can this vulnerability impact me?
The vulnerability can lead to remote code execution on the affected media server, potentially allowing attackers to take control of the system, manipulate data, disrupt services, or use the compromised system as a foothold for further attacks.
What immediate steps should I take to mitigate this vulnerability?
The recommended immediate step to mitigate this vulnerability is to upgrade AV Stumpfl Pixera Two Media Server to version 25.2 R3.
Upgrading the affected component is advised to address the code injection flaw in the Websocket API.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability allows remote code execution and arbitrary file read on the AV Stumpfl Pixera Two Media Server, potentially leading to unauthorized access to sensitive data and system compromise.
Such unauthorized access and potential data exposure could impact compliance with data protection regulations like GDPR and HIPAA, which require safeguarding personal and sensitive information against unauthorized access and breaches.
However, the provided information does not explicitly discuss the direct impact of this vulnerability on compliance with these standards or any regulatory requirements.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
The vulnerability involves a Remote Code Execution flaw via the default-configured websocket API on port 1338 of AV Stumpfl Pixera Two Media Server versions prior to 25.2 R3.
To detect this vulnerability on your network or system, you can check if the websocket API on port 1338 is accessible and accepting connections without authentication.
A simple network scan command to check if port 1338 is open on the target server could be:
- `nmap -p 1338 <target-ip>`
If the port is open, you may attempt to interact with the websocket API to verify if it is vulnerable. However, since the vulnerability allows unauthenticated remote code execution, any unexpected or unauthorized responses or behaviors from the websocket API on port 1338 could indicate the presence of the flaw.
It is recommended to upgrade to version 25.2 R3, which patches this vulnerability, and to apply strict IP whitelisting to restrict access to the API.
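The port check above, combined with a version comparison so an asset inventory can be triaged in one pass (an added example, not code from the vendor or from this page). It assumes version strings follow the `25.2 R2` pattern used on this page and that a missing `R` suffix sorts before `R1`; the host addresses and inventory are constructed.

```python
import re
import socket

API_PORT = 1338      # default WebSocket API port named on this page
FIXED = (25, 2, 3)   # 25.2 R3, the fixed release named on this page

# Assumption: versions are written "<major>.<minor> R<release>", as on this page.
_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)(?:\s*R(\d+))?\s*$", re.IGNORECASE)


def parse_version(text):
    """Return (major, minor, release), or None if the string is unrecognised."""
    m = _VERSION_RE.match(text or "")
    if not m:
        return None
    # Assumption: no "R" suffix is treated as release 0 (flags conservatively).
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))


def port_open(host, port=API_PORT, timeout=2.0):
    """TCP connect check only; no WebSocket data is sent."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def triage(version_text, reachable):
    """Classify one server from its reported version and port reachability."""
    version = parse_version(version_text)
    if version is None:
        return "unknown version: verify manually"
    if version >= FIXED:
        return "patched: restrict API access" if reachable else "patched"
    return "affected and exposed: upgrade first" if reachable else "affected: upgrade"


if __name__ == "__main__":
    # Constructed inventory (documentation-range addresses, made-up versions).
    inventory = {"192.0.2.10": "25.2 R2", "192.0.2.11": "25.2 R3", "192.0.2.12": "24.1"}
    for host, reported in inventory.items():
        print(host, reported, "->", triage(reported, port_open(host)))
```

Run it from the management network segment that is supposed to reach the servers, and again from a segment that is not, to confirm the IP restriction is actually enforced.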