Sign In
Advisories

Adtec Digital SignEdje Digital Signage Player v2.08.28 Default Credentials

Go Back
severity
high
date
Affecting

  • SignEdje Digital Signage Player v2.08.28

  • mediaHUB HD-Pro High & Standard Definition MPEG2 Encoder v3.07.19

  • afiniti Multi-Carrier Platform v1905_11

  • EN-31 Dual Channel DSNG Encoder / Modulator v2.01.15

  • EN-210 Multi-CODEC 10-bit Encoder / Modulator v3.00.29

  • EN-200 1080p AVC Low Latency Encoder / Modulator v3.00.29

  • ED-71 10-bit / 1080p Integrated Receiver Decoder v2.02.24

  • edje-5110 Standard Definition MPEG2 Encoder v1.02.05

  • edje-4111 HD Digital Media Player v2.07.09

  • Soloist HD-Pro Broadcast Decoder v2.07.09

  • adManage Traffic & Media Management Application v2.5.4

CWE
  • CWE-798 Use of Hard-coded Credentials
  • CWE-1392 Use of Default Credentials
CVSS
8.7
CVSS V4 Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Credit
LiquidWorm as Gjoko Krstic of Zero Science Lab
Description
Adtec Digital SignEdje Digital Signage Player v2.08.28 contains multiple hardcoded default credentials that allow unauthenticated remote access to web, telnet, and SSH interfaces. Attackers can exploit these credentials to gain root-level access and execute system commands across multiple Adtec Digital product versions.