ReQuest Serious Play F3 Media Server <= 7.0.3 Remote DoS

Advisories

severity: high
date: November 14, 2025
Affecting: v7.0.3.4968 (Pro)
v7.0.2.4954
v6.5.2.4954
v6.4.2.4681
v6.3.2.4203
v2.0.1.823
An affected version range remains undefined
CVE: CVE-2021-4465
CWE: CWE-400 Uncontrolled Resource Consumption
CVSS: 8.7
CVSS V4 Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
References: Zero Science Lab Disclosure (ZSL-2020-5601)
ExploitDB-48951
Packet Storm Security (#159602)
CXSECurity (WLB-2020100122)
IBM X-Force Exchange (#190031)
ReQuest Product Site
Credit: Gjoko Krstic of Zero Science Lab
Description: ReQuest Serious Play F3 Media Server versions 7.0.3.4968 (Pro), 7.0.2.4954, 6.5.2.4954, 6.4.2.4681, 6.3.2.4203, and 2.0.1.823 contain a remote denial-of-service vulnerability. The device can be shut down or rebooted by an unauthenticated attacker through a single crafted HTTP GET request, allowing remote interruption of service availability.