CVE-2017-6445
N/A
N/A
Summary
The auto-update feature of Open Embedded Linux Entertainment Center (OpenELEC) 6.0.3, 7.0.1, and 8.0.4 uses neither encrypted connections nor signed updates. A man-in-the-middle attacker could manipulate the update packages to gain root access remotely.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://tech.feedyourhead.at/content/openelec-remote-code-execution-vulnerability-through-man-in-the-middle
- https://tech.feedyourhead.at/content/openelec-cve-2017-6445-revisited
- http://www.securityfocus.com/bid/96580
References
- https://tech.feedyourhead.at/content/openelec-remote-code-execution-vulnerability-through-man-in-the-middle
- https://tech.feedyourhead.at/content/openelec-cve-2017-6445-revisited
- http://www.securityfocus.com/bid/96580
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.