PT-2017-12783 · Tecnovision · Tecnovision Dlx Spot Player

Published: 2017-09-21

Updated: 2017-09-29

CVE-2017-12928

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

TecnoVISION DLX Spot Player4 (all known versions)

Description

The issue concerns a hard-coded password for the dlxuser account, which is tecn0visi0n. This allows remote attackers to log in via SSH and then escalate privileges to gain root access using the same credentials.

Recommendations

For all known versions, consider changing the hard-coded password for the dlxuser account to a unique and secure password to prevent unauthorized access. As a temporary workaround, restrict SSH access to the device until a more permanent solution can be implemented.

Fix

Using Hardcoded Credentials


Weakness Enumeration

Related Identifiers

CVE-2017-12928

Affected Products

Tecnovision Dlx Spot Player