Vulners
Lucene search
Tecnovision DLX Spot - SSH Backdoor Access
| Reporter | Title | Published | Views | Family All 30 |
|---|---|---|---|---|
 | Tecnovision DLX Spot - SSH Backdoor Vulnerability | 19 Sep 201700:00 | – | zdt |
| Tecnovision DLX Spot - Authentication Bypass Vulnerability | 19 Sep 201700:00 | – | zdt |
| Tecnovision DLX Spot - Arbitrary File Upload Vulnerability | 19 Sep 201700:00 | – | zdt |
 | TecnoVISION DLX Spot Player4 Elevation of Privilege Vulnerability | 22 Sep 201700:00 | – | cnvd |
| TecnoVISION DLX Spot Player4 Arbitrary File Upload Vulnerability | 22 Sep 201700:00 | – | cnvd |
| TecnoVISION DLX Spot Player4 SQL Injection Vulnerability | 22 Sep 201700:00 | – | cnvd |
 | CVE-2017-12928 | 21 Sep 201716:00 | – | cve |
| CVE-2017-12929 | 21 Sep 201716:00 | – | cve |
| CVE-2017-12930 | 21 Sep 201716:00 | – | cve |
 | CVE-2017-12928 | 21 Sep 201716:00 | – | cvelist |
10
# Exploit Title: DlxSpot - Player4 LED video wall - Hardcoded Root SSH Password.
# Google Dork: "DlxSpot - Player4"
# Date: 2017-05-14
# Discoverer: Simon Brannstrom
# Authors Website: https://unknownpwn.github.io/
# Vendor Homepage: http://www.tecnovision.com/
# Software Link: n/a
# Version: All known versions
# Tested on: Linux
# About: DlxSpot is the software controlling Tecnovision LED Video Walls all over the world, they are used in football arenas, concert halls, shopping malls, as roadsigns etc.
# CVE: CVE-2017-12928
# Linked CVE's: CVE-2017-12929, CVE-2017-12930
# Visit my github page at https://github.com/unknownpwn/unknownpwn.github.io/blob/master/README.md for complete takeover of the box, from SQLi to root access.
###############################################################################################################################
Hardcoded password for all dlxspot players, login with the following credentials via SSH
username: dlxuser
password: tecn0visi0n
Escalate to root with the same password.
TIMELINE:
2017-05-14 - Discovery of vulnerabilities.
2017-05-15 - Contacted Tecnovision through contact form on manufacturer homepage.
2017-06-01 - No response, tried contacting again through several contact forms on homepage.
2017-08-10 - Contacted Common Vulnerabilities and Exposures (CVE) requesting CVE assignment.
2017-08-17 - Three CVE's assigned for the vulnerabilities found.
2017-08-22 - With help from fellow hacker and friend, byt3bl33d3r, sent an email in Italian to the company.
2017-09-18 - No response, full public disclosure.
DEDICATED TO MARCUS ASTROM
FOREVER LOVED - NEVER FORGOTTENData
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
19 May 2017 00:00Current
9.3High risk
Vulners AI Score9.3
CVSS 39.8
CVSS 210
EPSS0.03913