CVE-2020-36915

high

Description

Adtec Digital SignEdje Digital Signage Player v2.08.28 contains multiple hardcoded default credentials that allow unauthenticated remote access to web, telnet, and SSH interfaces. Attackers can exploit these credentials to gain root-level access and execute system commands across multiple Adtec Digital product versions.

References

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5603.php

https://www.vulncheck.com/advisories/adtec-digital-signedje-digital-signage-player-default-credentials

https://www.exploit-db.com/exploits/48954

https://www.adtecdigital.com

https://packetstorm.news/files/id/159709

https://exchange.xforce.ibmcloud.com/vulnerabilities/190628

Details

Source: Mitre, NVD

Published: 2026-01-06

Updated: 2026-04-15

Risk Information

CVSS v2

Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N

Severity: High

CVSS v3

Base Score: 7.5

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: High

CVSS v4

Base Score: 8.7

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Severity: High

EPSS

EPSS: 0.00036