A hard-coded password of tecn0visi0n for the dlxuser account in TecnoVISION DLX Spot Player4 (all known versions) allows remote attackers to log in via SSH and escalate privileges to root access with the same credentials.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/144259/DlxSpot-Hardcoded-Password.html | Third Party Advisory VDB Entry |
http://packetstormsecurity.com/files/144259/DlxSpot-Hardcoded-Password.html | Third Party Advisory VDB Entry |
Configurations
History
21 Nov 2024, 03:10
Type | Values Removed | Values Added |
---|---|---|
References | () http://packetstormsecurity.com/files/144259/DlxSpot-Hardcoded-Password.html - Third Party Advisory, VDB Entry |
Information
Published : 2017-09-21 16:29
Updated : 2024-11-21 03:10
NVD link : CVE-2017-12928
Mitre link : CVE-2017-12928
CVE.ORG link : CVE-2017-12928
JSON object : View
Products Affected
tecnovision
- dlx_spot_player4
CWE
CWE-798
Use of Hard-coded Credentials