CVE-2017-12928

Published: Sep 21, 2017Modified: May 13, 2026

9.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

A hard-coded password of tecn0visi0n for the dlxuser account in TecnoVISION DLX Spot Player4 (all known versions) allows remote attackers to log in via SSH and escalate privileges to root access with the same credentials.

Affected (1)

Products: Tecnovision: Dlx Spot Player4

Tecnovision

1 product

Dlx Spot Player4

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Tecnovision Dlx Spot Player4	All versions

Related CWEs

CWE-798

Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

References (2)

http://packetstormsecurity.com/files/144259/DlxSpot-Hardcoded-Password.html

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://packetstormsecurity.com/files/144259/DlxSpot-Hardcoded-Password.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

Timeline

No history available yet.