CVE-2017-12928

Published: 21/09/2017 Updated: 29/09/2017
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 890
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

A hard-coded password of tecn0visi0n for the dlxuser account in TecnoVISION DLX Spot Player4 (all known versions) allows remote malicious users to log in via SSH and escalate privileges to root access with the same credentials.

Vulnerable Product

tecnovision dlx spot player4 -

Exploits

DlxSpot Player4 LED video wall has a hardcoded password that allows you to ssh in and escalate to root ...
DlxSpot Player4 LED video wall suffers from a remote shell upload vulnerability. Versions greater than 1510 are affected ...
DlxSpot Player4 LED video wall suffers from a remote SQL injection vulnerability that allows for authentication bypass. Versions greater than 1510 are affected ...

Github Repositories

infosec enthusiast and madman

Tecnovision LED Video Wall Vulnerabilities and Exploits: From SQLi to full root access. Introduction: Tecnovision is a manufacturer of LED Video Walls used in arenas (for example, Twickenham Stadium), concert halls, shopping malls, as road signs and much, much more. DlxSpot Player 4 is the software controller for some of these LED walls. These are the unpatched exploits that I ha