Hi just thought I would mention a security issue with this avr.
Firstly, this is interesting:
<action name="register" mode="1" url="192.168.1.10:50001/cers/register"/>
<action name="getSystemInformation" url="192.168.1.10:50001/cers/getSystemInformation"/>
<action name="getRemoteCommandList" url="192.168.1.10:50001/cers/getRemoteCommandList"/>
<action name="getStatus" url="192.168.1.10:50001/cers/getStatus"/>
<action name="getText" url="192.168.1.10:50001/cers/getText"/>
<action name="sendText" url=192.168.1.10:50001/cers/sendText"/>
This is more worrying:
and if you right click on this page:
and view the source well... it will just spit out your wpa password <input id="oTextWpaPassphrase" type="password" name="Passphrase" value="your-password" size="30" maxlength="64" onKeyUp="onKeyUpTextWpaPassphrase()">
It is worth noting that using google with some keywords or the path to some of the pages you can log into some avr's which people have wide open to the entire internet and I would assume the code
is riddled with exploitable bugs which would effectively allow someone to infiltrate your amp. write their own scripts or gain root to the linux or whatever is running the http server and hop skip and jump to your
router and quite possibly any device attached. of course they could just stay in your amp and router and watch and control you outside the touch of any antivirus software.