CVE-2020-36915
Unknown Unknown - Not Provided
Hardcoded Credentials in Adtec Digital SignEdje Enable Root Access

Publication date: 2026-01-06

Last updated on: 2026-01-06

Assigner: VulnCheck

Description
Adtec Digital SignEdje Digital Signage Player v2.08.28 contains multiple hardcoded default credentials that allow unauthenticated remote access to web, telnet, and SSH interfaces. Attackers can exploit these credentials to gain root-level access and execute system commands across multiple Adtec Digital product versions.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-06
Last Modified
2026-01-06
Generated
2026-06-16
AI Q&A
2026-01-06
EPSS Evaluated
2026-06-15
NVD
CVE-2020-36915
EUVD
EUVD-2026-1021
Affected Vendors & Products
Showing 11 associated CPEs
Vendor Product Version / Range
adtec_digital signedje_digital_signage_player 2.08.28
adtec_digital mediahub_hd_pro_mpeg2_encoder 3.07.19
adtec_digital afiniti_multi_carrier_platform 1905_11
adtec_digital en-31_dual_channel_dsng_encoder_modulator 2.01.15
adtec_digital en-210_multi_codec_10_bit_encoder_modulator 3.00.29
adtec_digital en-200_1080p_avc_low_latency_encoder_modulator 3.00.29
adtec_digital ed-71_10_bit_1080p_integrated_receiver_decoder 2.02.24
adtec_digital edje-5110_standard_definition_mpeg2_encoder 1.02.05
adtec_digital edje-4111_hd_digital_media_player 2.07.09
adtec_digital soloist_hd_pro_broadcast_decoder 2.07.09
adtec_digital admanage_traffic_and_media_management_application 2.5.4
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-1392 The product uses default credentials (such as passwords or cryptographic keys) for potentially critical functionality.
CWE-798 The product contains hard-coded credentials, such as a password or cryptographic key.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2020-36915 is a vulnerability in multiple Adtec Digital products, including the SignEdje Digital Signage Player v2.08.28, caused by multiple hardcoded default credentials embedded in the devices' Linux-based systems. These credentials allow unauthenticated remote access to web, telnet, and SSH interfaces. Attackers can exploit these credentials to gain root-level access, enabling them to execute arbitrary system commands remotely and fully control the affected devices. [1, 3, 4]

Impact Analysis

This vulnerability can have severe impacts as it allows attackers to gain unauthorized root access to affected Adtec Digital devices remotely. With root privileges, attackers can execute arbitrary system commands, potentially disrupting broadcast, cable, and IPTV services, extracting sensitive information, or causing denial of service. The vulnerability exposes critical infrastructure to full compromise due to insecure default configurations. [1, 3, 4]

Detection Guidance

This vulnerability can be detected by attempting to access the affected Adtec Digital devices via their web, Telnet, or SSH interfaces using the known hardcoded default credentials. Commands to test SSH access include: `ssh adtec@<device_ip>`, `ssh admin@<device_ip>`, `ssh root1@<device_ip>`, and `ssh adtecftp@<device_ip>` using the respective passwords (e.g., no password for 'adtec', '1admin!' for 'admin', '1root!' for 'root1', and 'adtecftp2231' for 'adtecftp'). Similarly, Telnet sessions can be initiated with these usernames and passwords. Successful login indicates the presence of the vulnerability. Additionally, checking for open ports 22 (SSH) and 23 (Telnet) on these devices can help identify potential targets. [4]

Mitigation Strategies

Immediate mitigation steps include changing or disabling the hardcoded default credentials on all affected Adtec Digital devices to prevent unauthorized access. If possible, restrict network access to the web, Telnet, and SSH interfaces by implementing firewall rules or network segmentation. Disable Telnet access if not required, as it is less secure. Applying any available vendor patches or updates that address this vulnerability is also recommended. If patches are not available, consider isolating the devices from untrusted networks until a fix is applied. [1, 4]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2020-36915. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart