The auto-update feature of Open Embedded Linux Entertainment Center (OpenELEC) 6.0.3, 7.0.1, and 8.0.4 uses neither encrypted connections nor signed updates. A man-in-the-middle attacker could manipulate the update packages to gain root access remotely.
Max CVSS: 8.1 | EPSS Score: 0.29% | Published: 2017-03-05 | Updated: 2019-10-03
OpenELEC and RasPlex devices have a hardcoded password for the root account, which makes it easier for remote attackers to obtain access via an SSH session.
Max CVSS: 10.0 | EPSS Score: 0.54% | Published: 2016-02-08 | Updated: 2016-02-25
Directory traversal vulnerability in scr/form.php in openElec 3.01 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the obj parameter.
Max CVSS: 6.8 | EPSS Score: 0.82% | Published: 2009-02-03 | Updated: 2017-09-29
3 vulnerabilities found