CVE-2020-36915

Summary

Adtec Digital SignEdje Digital Signage Player v2.08.28 contains multiple hardcoded default credentials that allow unauthenticated remote access to web, telnet, and SSH interfaces. Attackers can exploit these credentials to gain root-level access and execute system commands across multiple Adtec Digital product versions.

Affected Software

VendorProductVersion RangeStatus
AdtecdigitalSignEdje Digital Signage Player2.08.28affected
AdtecdigitalmediaHUB HD-Pro High & Standard Definition MPEG2 Encoder3.07.19affected
Adtecdigitalafiniti Multi-Carrier Platform1905_11affected
AdtecdigitalEN-31 Dual Channel DSNG Encoder / Modulator2.01.15affected
AdtecdigitalEN-210 Multi-CODEC 10-bit Encoder / Modulator3.00.29affected
AdtecdigitalEN-200 1080p AVC Low Latency Encoder / Modulator3.00.29affected
AdtecdigitalED-71 10-bit / 1080p Integrated Receiver Decoder2.02.24affected
Adtecdigitaledje-5110 Standard Definition MPEG2 Encoder1.02.05affected
Adtecdigitaledje-4111 HD Digital Media Player2.07.09affected
AdtecdigitalSoloist HD-Pro Broadcast Decoder2.07.09affected
AdtecdigitaladManage Traffic & Media Management Application2.5.4affected

Weaknesses

  • CWE-798: Use of Hard-coded Credentials
  • CWE-1392: Use of Default Credentials

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: partial

Additional References

References