CVE-2020-36915

Adtec Digital SignEdje Digital Signage Player v2.08.28 contains multiple hardcoded default credentials that allow unauthenticated remote access to web, telnet, and SSH interfaces. Attackers can exploit these credentials to gain root-level access and execute system commands across multiple Adtec Digital product versions.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
VulnCheckCNA
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 10%
Common Weakness Enumeration
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/190628
https://packetstorm.news/files/id/159709
https://www.adtecdigital.com
https://www.exploit-db.com/exploits/48954
https://www.vulncheck.com/advisories/adtec-digital-signedje-digital-signage-player-default-credentials
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5603.php
https://www.exploit-db.com/exploits/48954