CVE-2020-36916
Unknown Unknown - Not Provided
Elevation of Privilege in TDM Digital Signage PC Player

Publication date: 2026-01-06

Last updated on: 2026-01-06

Assigner: VulnCheck

Description
TDM Digital Signage PC Player 4.1.0.4 contains an elevation of privileges vulnerability that allows authenticated users to modify executable files. Attackers can leverage the 'Modify' permissions for authenticated users to replace executable files with malicious binaries and gain elevated system access.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-06
Last Modified
2026-01-06
Generated
2026-06-16
AI Q&A
2026-01-06
EPSS Evaluated
2026-06-15
NVD
CVE-2020-36916
EUVD
EUVD-2026-1022
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
trending_digital_marketing tdm_digital_signage_pc_player 4.1.0.4
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-732 The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Impact Analysis

This vulnerability can allow an authenticated user on the system to escalate their privileges by replacing legitimate executable files with malicious ones. As a result, an attacker could gain unauthorized elevated system access, potentially leading to full control over the affected system, compromising confidentiality, integrity, and availability of the system and its data. [2, 3, 4]

Detection Guidance

This vulnerability can be detected by checking the file permissions of the TDM Digital Signage PC Player executable files and its main application directory. Specifically, you should verify if the 'Authenticated Users' group has 'Modify' (M) or 'Change' (C) permissions on these files and directories. On a Windows system, you can use the following command to check permissions on the main application directory (e.g., C:\TDMSignage) and executables like Player.exe and unins000.exe: icacls "C:\TDMSignage" Look for entries granting 'M' or 'C' permissions to 'Authenticated Users'. If such permissions are present, the system is vulnerable. [2, 4]

Mitigation Strategies

To mitigate this vulnerability immediately, you should remove the 'Modify' or 'Change' permissions granted to the 'Authenticated Users' group on the TDM Digital Signage PC Player executable files and its main application directory. Restrict permissions so that only trusted administrative accounts have write or modify access. This can be done using the icacls command to remove or adjust permissions, for example: icacls "C:\TDMSignage" /remove:g "Authenticated Users" or modify the ACLs to remove 'Modify' rights while retaining necessary read and execute permissions. Additionally, consider applying any vendor patches or updates if available. [2, 3, 4]

Executive Summary

CVE-2020-36916 is a local elevation of privileges vulnerability in TDM Digital Signage PC Player version 4.1.0.4. It occurs because the executable files and main application directory have insecure file permissions that grant 'Modify' or 'Change' rights to the 'Authenticated Users' group. This misconfiguration allows any authenticated user to replace legitimate executable files with malicious binaries, enabling them to execute arbitrary code with elevated system privileges. [2, 3, 4]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2020-36916. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart