CVE-2021-4465 HIGH

CVE-2021-4465: ReQuest Serious Play F3 Media Server <= 7.0.3 Remote DoS

Vendor Request Serious Play Llc
Product ReQuest Serious Play Pro
Weakness CWE-400
Published November 14, 2025
Last update April 7, 2026
View on NVD All CVEs

CVSS base score

8.7/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

ReQuest Serious Play F3 Media Server versions 7.0.3.4968 (Pro), 7.0.2.4954, 6.5.2.4954, 6.4.2.4681, 6.3.2.4203, and 2.0.1.823 contain a remote denial-of-service vulnerability. The device can be shut down or rebooted by an unauthenticated attacker through a single crafted HTTP GET request, allowing remote interruption of service availability.

Key dates

02Disclosure timeline

November 14, 2025 CVE published
April 7, 2026 Record updated

Related vulnerabilities

04Related CVE

CVE-2023-39477 Inductive Automation Ignition ConditionRefresh Resource Exhaustion Denial-of-Service Vulnerability CVE-2025-62706 Authlib : JWE zip=DEF decompression bomb enables DoS CVE-2021-31405 Regular expression denial of service (ReDoS) in EmailField component in Vaadin 14 and 15-17 CVE-2021-1266 Cisco Managed Services Accelerator Denial of Service Vulnerability CVE-2021-28510 For certain systems running EOS, a Precision Time Protocol (PTP) packet of a management/signaling message with an invalid Type-Length-Value (TLV) causes the PTP agent to restart. Repeated restarts of the service will make the service unavailable.