CVE-2020-36915
Adtec Digital SignEdje Digital Signage Player v2.08.28 Default Credentials
Adtec Digital SignEdje Digital Signage Player v2.08.28 contains multiple hardcoded default credentials that allow unauthenticated remote access to web, telnet, and SSH interfaces. Attackers can exploit these credentials to gain root-level access and execute system commands across multiple Adtec Digital product versions.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Produtos afetados
Adtecdigital · adManage Traffic & Media Management ApplicationAdtecdigital · afiniti Multi-Carrier PlatformAdtecdigital · ED-71 10-bit / 1080p Integrated Receiver DecoderAdtecdigital · edje-4111 HD Digital Media PlayerAdtecdigital · edje-5110 Standard Definition MPEG2 EncoderAdtecdigital · EN-200 1080p AVC Low Latency Encoder / ModulatorAdtecdigital · EN-210 Multi-CODEC 10-bit Encoder / ModulatorAdtecdigital · EN-31 Dual Channel DSNG Encoder / ModulatorAdtecdigital · mediaHUB HD-Pro High & Standard Definition MPEG2 EncoderAdtecdigital · SignEdje Digital Signage PlayerAdtecdigital · Soloist HD-Pro Broadcast DecoderQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →Referências
https://exchange.xforce.ibmcloud.com/vulnerabilities/190628https://packetstorm.news/files/id/159709https://www.adtecdigital.comhttps://www.exploit-db.com/exploits/48954https://www.vulncheck.com/advisories/adtec-digital-signedje-digital-signage-player-default-credentialshttps://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5603.php