CVE-2020-36915
8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Summary
Adtec Digital SignEdje Digital Signage Player v2.08.28 contains multiple hardcoded default credentials that allow unauthenticated remote access to web, telnet, and SSH interfaces. Attackers can exploit these credentials to gain root-level access and execute system commands across multiple Adtec Digital product versions.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Adtecdigital | SignEdje Digital Signage Player | 2.08.28 | affected |
| Adtecdigital | mediaHUB HD-Pro High & Standard Definition MPEG2 Encoder | 3.07.19 | affected |
| Adtecdigital | afiniti Multi-Carrier Platform | 1905_11 | affected |
| Adtecdigital | EN-31 Dual Channel DSNG Encoder / Modulator | 2.01.15 | affected |
| Adtecdigital | EN-210 Multi-CODEC 10-bit Encoder / Modulator | 3.00.29 | affected |
| Adtecdigital | EN-200 1080p AVC Low Latency Encoder / Modulator | 3.00.29 | affected |
| Adtecdigital | ED-71 10-bit / 1080p Integrated Receiver Decoder | 2.02.24 | affected |
| Adtecdigital | edje-5110 Standard Definition MPEG2 Encoder | 1.02.05 | affected |
| Adtecdigital | edje-4111 HD Digital Media Player | 2.07.09 | affected |
| Adtecdigital | Soloist HD-Pro Broadcast Decoder | 2.07.09 | affected |
| Adtecdigital | adManage Traffic & Media Management Application | 2.5.4 | affected |
Weaknesses
- CWE-798: Use of Hard-coded Credentials
- CWE-1392: Use of Default Credentials
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: yes
- Technical Impact: partial
Additional References
References
- https://www.exploit-db.com/exploits/48954
- https://www.adtecdigital.com
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5603.php
- https://packetstorm.news/files/id/159709
- https://exchange.xforce.ibmcloud.com/vulnerabilities/190628
- https://www.vulncheck.com/advisories/adtec-digital-signedje-digital-signage-player-default-credentials
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.