DNS Recursion Leads to DoS Attack Vivo Play (IPTV) — CVE-2023–31893

3 min readMay 22


A recursive DNS lookup occurs when a DNS server communicates with several other DNS servers to look up an IP address and return it to the client.
Allowing recursive DNS queries against open DNS servers creates a security vulnerability as this configuration could allow attackers to perform DNS amplification attacks.
While we analyzed and recognized the device’s technologies, we identified that it uses the recursive method in DNS, which enables denial of service attacks.

IPTV Device Tested:

Front of Device
Device Rear
Top of Device

Firmware Tested: 2023.

Firmware Number Tested

The IP that will be shown throughout the article is the IP of Vivo’s IPTV physical device.

Identified the enabled recursive method:

dig google.com A @

Identifying the enabled recursive method

Used Exploit:


Accessing some functionality of the device (Netflix, for example):

Accessing the Netflix

Carrying out the attack:

python3 DRipper.py -s -t 135 -p 53

DoS Testing

System down after performing the attack:

System Down


In the amplification technique, the attacker sends a spoofed request that asks for a very long response. The server will receive a barrage of long and unwanted DNS responses that can interrupt or even crash the IPTV device.



My LinkedIn: https://www.linkedin.com/in/lucas-fp/




I'm a Red Team and Pentest professional!