CVE-2020-36915

HIGH

Adtec Digital SignEdje <2.08.28 - Unauthenticated RCE

Title source: llm

Description

Adtec Digital SignEdje Digital Signage Player v2.08.28 contains multiple hardcoded default credentials that allow unauthenticated remote access to web, telnet, and SSH interfaces. Attackers can exploit these credentials to gain root-level access and execute system commands across multiple Adtec Digital product versions.

Exploits (1)

exploitdb WRITEUP

by LiquidWorm · textremotehardware

https://www.exploit-db.com/exploits/48954

View Code ZIP pw:eip

References (6)

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/48954

[Various Sources] https://www.adtecdigital.com

[Third Party Advisory] https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5603.php

[Various Sources] https://packetstorm.news/files/id/159709

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/190628

[Third Party Advisory] https://www.vulncheck.com/advisories/adtec-digital-signedje-digital-signage-player-default-credentials

Scores

CVSS v3 7.5

EPSS 0.0005

EPSS Percentile 16.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-1392 CWE-798

Status published

Published Jan 06, 2026

Tracked Since Feb 18, 2026