QwikSec

Security Database

CVE

CWE

Training

CVE-2017-6445

Published: Mar 5, 2017

Modified: Aug 5, 2024

PUBLISHED

Description

The auto-update feature of Open Embedded Linux Entertainment Center (OpenELEC) 6.0.3, 7.0.1, and 8.0.4 uses neither encrypted connections nor signed updates. A man-in-the-middle attacker could manipulate the update packages to gain root access remotely.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://tech.feedyourhead.at/content/openelec-remote-code-execution-vulnerability-through-man-in-the-middle

x_refsource_MISC

https://tech.feedyourhead.at/content/openelec-cve-2017-6445-revisited

x_refsource_MISC

vdb-entry

x_refsource_BID

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.