CVE-2020-36915

Description

Adtec Digital SignEdje Digital Signage Player v2.08.28 contains multiple hardcoded default credentials that allow unauthenticated remote access to web, telnet, and SSH interfaces. Attackers can exploit these credentials to gain root-level access and execute system commands across multiple Adtec Digital product versions.

CVSS breakdown

CVSS 4.0

Attack Vector

Network

Attack Complexity

Low

Attack Requirements

None

Privileges Required

None

User Interaction

None

Confidentiality (Vulnerable System)

High

Integrity (Vulnerable System)

None

Availability (Vulnerable System)

None

Confidentiality (Subsequent System)

None

Integrity (Subsequent System)

None

Availability (Subsequent System)

None

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Affected products

Adtecdigital / adManage Traffic & Media Management Application2.5.4 – 2.5.4
Adtecdigital / afiniti Multi-Carrier Platform1905_11 – 1905_11
Adtecdigital / ED-71 10-bit / 1080p Integrated Receiver Decoder2.02.24 – 2.02.24
Adtecdigital / edje-4111 HD Digital Media Player2.07.09 – 2.07.09
Adtecdigital / edje-5110 Standard Definition MPEG2 Encoder1.02.05 – 1.02.05
Adtecdigital / EN-200 1080p AVC Low Latency Encoder / Modulator3.00.29 – 3.00.29
Adtecdigital / EN-210 Multi-CODEC 10-bit Encoder / Modulator3.00.29 – 3.00.29
Adtecdigital / EN-31 Dual Channel DSNG Encoder / Modulator2.01.15 – 2.01.15
Adtecdigital / mediaHUB HD-Pro High & Standard Definition MPEG2 Encoder3.07.19 – 3.07.19
Adtecdigital / SignEdje Digital Signage Player2.08.28 – 2.08.28
Adtecdigital / Soloist HD-Pro Broadcast Decoder2.07.09 – 2.07.09

Description

CVSS breakdown

Affected products

References