CVE-2020-36916

HIGH

TDM Digital Signage PC Player 4.1.0.4 - Privilege Escalation

Title source: llm

Description

TDM Digital Signage PC Player 4.1.0.4 contains an elevation of privileges vulnerability that allows authenticated users to modify executable files. Attackers can leverage the 'Modify' permissions for authenticated users to replace executable files with malicious binaries and gain elevated system access.

Exploits (1)

exploitdb WRITEUP

by LiquidWorm · textlocalwindows

https://www.exploit-db.com/exploits/48953

View Code ZIP pw:eip

References (7)

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/48953

[Various Sources] https://www.tdmsignage.com

[Various Sources] https://pro.sony/en_NL/products/display-software/tdm-ds1y-tdm-ds3y

[Third Party Advisory] https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5604.php

[Various Sources] https://packetstorm.news/files/id/159723

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/190627

[Third Party Advisory] https://www.vulncheck.com/advisories/tdm-digital-signage-pc-player-privilege-escalation-via-insecure-permissions

Scores

CVSS v3 8.8

EPSS 0.0003

EPSS Percentile 9.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-732

Status published

Published Jan 06, 2026

Tracked Since Feb 18, 2026