What is the CVSS score of CVE-2020-36915?

CVE-2020-36915 has a CVSS 3.1 base score of 7.5 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N. EPSS exploitation probability: 0.1%.

Which versions of SSH are affected by CVE-2020-36915?

Organizations using Adtec Digital SignEdje Digital Signage Player v2.08.28 face notable risk from CVE-2020-36915, a hard-coded credentials vulnerability rated CVSS 7.5.

Is there a public PoC exploit available for CVE-2020-36915?

Yes, a public proof-of-concept exploit is available for CVE-2020-36915. Prioritise patching immediately. EPSS: 0.1%.

How to fix or mitigate CVE-2020-36915?

Within 7 days: Identify all affected systems and apply vendor patches promptly. Audit authentication configurations and rotate any potentially compromised credentials.

SSH CVE-2020-36915

HIGH

Use of Hard-coded Credentials (CWE-798)

2026-01-06 disclosure@vulncheck.com

SSH

7.5

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:54 vuln.today

PoC Detected

Jan 08, 2026 - 18:09 vuln.today

Public exploit code

CVE Published

Jan 06, 2026 - 16:15 nvd

HIGH 7.5

DescriptionNVD

Adtec Digital SignEdje Digital Signage Player v2.08.28 contains multiple hardcoded default credentials that allow unauthenticated remote access to web, telnet, and SSH interfaces. Attackers can exploit these credentials to gain root-level access and execute system commands across multiple Adtec Digital product versions.

AnalysisAI

Adtec Digital SignEdje Digital Signage Player v2.08.28 contains multiple hardcoded default credentials that allow unauthenticated remote access to web, telnet, and SSH interfaces. [CVSS 7.5 HIGH]

Technical ContextAI

Classified as CWE-798 (Use of Hard-coded Credentials). Adtec Digital SignEdje Digital Signage Player v2.08.28 contains multiple hardcoded default credentials that allow unauthenticated remote access to web, telnet, and SSH interfaces. Attackers can exploit these credentials to gain root-level access and execute system commands across multiple Adtec Digital product versions.

Affected ProductsAI

Adtec Digital SignEdje Digital Signage Player v2.08.28 contains multiple hardcoded default credentials that allow unauthenticated remote access to web

RemediationAI

Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.

CVE-2020-36915 vulnerability details – vuln.today

Back

SSH CVE-2020-36915

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

Affected ProductsAI

RemediationAI

Share

External POC / Exploit Code