CVE-2020-36915

Description

Adtec Digital SignEdje Digital Signage Player v2.08.28 contains multiple hardcoded default credentials that allow unauthenticated remote access to web, telnet, and SSH interfaces. Attackers can exploit these credentials to gain root-level access and execute system commands across multiple Adtec Digital product versions.

PUBLISHED Reserved 2026-01-03 | Published 2026-01-06 | Updated 2026-01-06 | Assigner VulnCheck

Problem types

Use of Hard-coded Credentials

Use of Default Credentials

Product status

Credits

LiquidWorm as Gjoko Krstic of Zero Science Lab finder

References

www.exploit-db.com/exploits/48954 exploit

www.exploit-db.com/exploits/48954 (ExploitDB-48954) exploit

www.adtecdigital.com (Adtec Digital Official Homepage) product

www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5603.php (Zero Science Lab Disclosure (ZSL-2020-5603)) third-party-advisory

packetstorm.news/files/id/159709 (Packet Storm Security Exploit Entry) exploit

exchange.xforce.ibmcloud.com/vulnerabilities/190628 (IBM X-Force Vulnerability Exchange) vdb-entry

www.vulncheck.com/...ital-signage-player-default-credentials (VulnCheck Advisory: Adtec Digital SignEdje Digital Signage Player v2.08.28 Default Credentials) third-party-advisory

cve.org (CVE-2020-36915)

nvd.nist.gov (CVE-2020-36915)

Download JSON