CVE-2020-36916 | THREATINT

Description

TDM Digital Signage PC Player 4.1.0.4 contains an elevation of privileges vulnerability that allows authenticated users to modify executable files. Attackers can leverage the 'Modify' permissions for authenticated users to replace executable files with malicious binaries and gain elevated system access.

PUBLISHED Reserved 2026-01-03 | Published 2026-01-06 | Updated 2026-01-06 | Assigner VulnCheck

HIGH: 8.5CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

HIGH: 8.8CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Problem types

Incorrect Permission Assignment for Critical Resource

Product status

4.1.0.4

affected

Credits

LiquidWorm as Gjoko Krstic of Zero Science Lab finder

References

www.exploit-db.com/exploits/48953 exploit

www.exploit-db.com/exploits/48953 (ExploitDB-48953) exploit

www.tdmsignage.com (TDM Digital Signage Official Website) product

pro.sony/en_NL/products/display-software/tdm-ds1y-tdm-ds3y (Sony Professional Display Software Product Page) product

www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5604.php (Zero Science Lab Disclosure (ZSL-2020-5604)) third-party-advisory

packetstorm.news/files/id/159723 (Packet Storm Security Exploit Entry) exploit

exchange.xforce.ibmcloud.com/vulnerabilities/190627 (IBM X-Force Vulnerability Exchange) vdb-entry

www.vulncheck.com/...ege-escalation-via-insecure-permissions (VulnCheck Advisory: TDM Digital Signage PC Player 4.1.0.4 Privilege Escalation via Insecure Permissions) third-party-advisory

cve.org (CVE-2020-36916)

nvd.nist.gov (CVE-2020-36916)

Download JSON