CVE-2020-36915
Published: 06 January 2026
Summary
CVE-2020-36915 is a high-severity Use of Hard-coded Credentials (CWE-798) vulnerability in Ibmcloud (inferred from references). Its CVSS base score is 7.5 (High).
Operationally, it is ranked at the 20.4th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
Threat & Defense Details
Likely Mitigating Controls
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Policy and procedures prohibit hard-coded credentials in favor of managed authentication.
Changing default authenticators prior to first use and protecting content prevents use of hard-coded credentials.
Strategy enforces supplier requirements and code reviews that reduce hard-coded credentials introduced through acquired products.
Requiring security functional requirements and acceptance criteria allows contracts to prohibit hard-coded credentials in delivered systems or components.
Known vulnerabilities section of admin docs covers hard-coded credentials and how to replace them, limiting their use in deployments.
Enables users to notice when hard-coded credentials have been exploited for unauthorized access.
Security training explicitly warns against hard-coded credentials, lowering their use in systems.
Mandates replacement of default credentials during secure configuration and provisioning procedures.
NVD Description
Adtec Digital SignEdje Digital Signage Player v2.08.28 contains multiple hardcoded default credentials that allow unauthenticated remote access to web, telnet, and SSH interfaces. Attackers can exploit these credentials to gain root-level access and execute system commands across multiple Adtec Digital product versions.
Deeper analysis
CVE-2020-36915 is a vulnerability in the Adtec Digital SignEdje Digital Signage Player version 2.08.28, stemming from multiple hardcoded default credentials that permit unauthenticated remote access to its web, telnet, and SSH interfaces. This issue affects multiple versions of Adtec Digital products and is classified under CWE-798 (Use of Hard-coded Credentials) and CWE-1392 (Use of Default Credentials). The vulnerability received a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), highlighting its high confidentiality impact due to network-accessible exploitation with low complexity.
Attackers require only network access to the affected device, with no need for authentication, privileges, or user interaction. By leveraging the hardcoded credentials, they can achieve root-level access and execute arbitrary system commands on the targeted system.
Advisories and related resources, including exploit details, are documented at https://exchange.xforce.ibmcloud.com/vulnerabilities/190628, https://packetstorm.news/files/id/159709, https://www.adtecdigital.com, https://www.exploit-db.com/exploits/48954, and https://www.vulncheck.com/advisories/adtec-digital-signedje-digital-signage-player-default-credentials. The CVE was published on 2026-01-06T16:15:47.550.
Details
- CWE(s)