The pairing procedure used by the Vizio P65-F1 184.108.40.206-2 and E50x-E1 10.0.31.4-2 Smart TVs and mobile application is vulnerable to a brute-force attack (against only 10000 possibilities), allowing a threat actor to forcefully pair the device, leading to remote control of the TV settings and configurations.
The software does not implement sufficient measures to prevent multiple failed authentication attempts within in a short time frame, making it more susceptible to brute force attacks.
Common protection mechanisms include:
Consider using libraries with authentication capabilities such as OpenSSL or the ESAPI Authenticator. [REF-45]