CVE-2020-36915

Adtec Digital SignEdje Digital Signage Player v2.08.28 contains multiple hardcoded default credentials that allow unauthenticated remote access to web, telnet, and SSH interfaces. Attackers can exploit these credentials to gain root-level access and execute system commands across multiple Adtec Digital product versions.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://exchange.xforce.ibmcloud.com/vulnerabilities/190628
https://packetstorm.news/files/id/159709
https://www.adtecdigital.com
https://www.exploit-db.com/exploits/48954
https://www.vulncheck.com/advisories/adtec-digital-signedje-digital-signage-player-default-credentials
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5603.php
https://www.exploit-db.com/exploits/48954

Configurations

No configuration.

History

06 Jan 2026, 20:15

Type	Values Removed	Values Added
References	~~() https://www.exploit-db.com/exploits/48954 -~~	() https://www.exploit-db.com/exploits/48954 -

06 Jan 2026, 16:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-01-06 16:15

Updated : 2026-01-08 18:09

NVD link : CVE-2020-36915

Mitre link : CVE-2020-36915

CVE.ORG link : CVE-2020-36915

JSON object : View

Products Affected

No product.

CWE

CWE-798

Use of Hard-coded Credentials

CWE-1392

Use of Default Credentials

{"id": "CVE-2020-36915", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}], "cvssMetricV40": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.7, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-01-06T16:15:47.550", "references": [{"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190628", "source": "disclosure@vulncheck.com"}, {"url": "https://packetstorm.news/files/id/159709", "source": "disclosure@vulncheck.com"}, {"url": "https://www.adtecdigital.com", "source": "disclosure@vulncheck.com"}, {"url": "https://www.exploit-db.com/exploits/48954", "source": "disclosure@vulncheck.com"}, {"url": "https://www.vulncheck.com/advisories/adtec-digital-signedje-digital-signage-player-default-credentials", "source": "disclosure@vulncheck.com"}, {"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5603.php", "source": "disclosure@vulncheck.com"}, {"url": "https://www.exploit-db.com/exploits/48954", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "description": [{"lang": "en", "value": "CWE-798"}, {"lang": "en", "value": "CWE-1392"}]}], "descriptions": [{"lang": "en", "value": "Adtec Digital SignEdje Digital Signage Player v2.08.28 contains multiple hardcoded default credentials that allow unauthenticated remote access to web, telnet, and SSH interfaces. Attackers can exploit these credentials to gain root-level access and execute system commands across multiple Adtec Digital product versions."}], "lastModified": "2026-01-08T18:09:23.230", "sourceIdentifier": "disclosure@vulncheck.com"}