CVE-2020-36915

Adtec Digital SignEdje Digital Signage Player v2.08.28 contains multiple hardcoded default credentials that allow unauthenticated remote access to web, telnet, and SSH interfaces. Attackers can exploit these credentials to gain root-level access and execute system commands across multiple Adtec Digital product versions.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://exchange.xforce.ibmcloud.com/vulnerabilities/190628
https://packetstorm.news/files/id/159709
https://www.adtecdigital.com
https://www.exploit-db.com/exploits/48954
https://www.vulncheck.com/advisories/adtec-digital-signedje-digital-signage-player-default-credentials
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5603.php
https://www.exploit-db.com/exploits/48954

Configurations

No configuration.

History

15 Apr 2026, 00:35

Type	Values Removed	Values Added
Summary		(es) Adtec Digital SignEdje Digital Signage Player v2.08.28 contiene múltiples credenciales predeterminadas codificadas que permiten acceso remoto no autenticado a las interfaces web, telnet y SSH. Los atacantes pueden explotar estas credenciales para obtener acceso a nivel de root y ejecutar comandos del sistema en múltiples versiones de productos de Adtec Digital.

06 Jan 2026, 20:15

Type	Values Removed	Values Added
References	~~() https://www.exploit-db.com/exploits/48954 -~~	() https://www.exploit-db.com/exploits/48954 -

06 Jan 2026, 16:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-01-06 16:15

Updated : 2026-04-15 00:35

NVD link : CVE-2020-36915

Mitre link : CVE-2020-36915

CVE.ORG link : CVE-2020-36915

JSON object : View

Products Affected

No product.

CWE

CWE-798

Use of Hard-coded Credentials

CWE-1392

Use of Default Credentials

{"id": "CVE-2020-36915", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}], "cvssMetricV40": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.7, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-01-06T16:15:47.550", "references": [{"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190628", "source": "disclosure@vulncheck.com"}, {"url": "https://packetstorm.news/files/id/159709", "source": "disclosure@vulncheck.com"}, {"url": "https://www.adtecdigital.com", "source": "disclosure@vulncheck.com"}, {"url": "https://www.exploit-db.com/exploits/48954", "source": "disclosure@vulncheck.com"}, {"url": "https://www.vulncheck.com/advisories/adtec-digital-signedje-digital-signage-player-default-credentials", "source": "disclosure@vulncheck.com"}, {"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5603.php", "source": "disclosure@vulncheck.com"}, {"url": "https://www.exploit-db.com/exploits/48954", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "description": [{"lang": "en", "value": "CWE-798"}, {"lang": "en", "value": "CWE-1392"}]}], "descriptions": [{"lang": "en", "value": "Adtec Digital SignEdje Digital Signage Player v2.08.28 contains multiple hardcoded default credentials that allow unauthenticated remote access to web, telnet, and SSH interfaces. Attackers can exploit these credentials to gain root-level access and execute system commands across multiple Adtec Digital product versions."}, {"lang": "es", "value": "Adtec Digital SignEdje Digital Signage Player v2.08.28 contiene m\u00faltiples credenciales predeterminadas codificadas que permiten acceso remoto no autenticado a las interfaces web, telnet y SSH. Los atacantes pueden explotar estas credenciales para obtener acceso a nivel de root y ejecutar comandos del sistema en m\u00faltiples versiones de productos de Adtec Digital."}], "lastModified": "2026-04-15T00:35:42.020", "sourceIdentifier": "disclosure@vulncheck.com"}