VYPR
High severity8.1NVD Advisory· Published Mar 5, 2017· Updated Jun 17, 2026

CVE-2017-6445

CVE-2017-6445

Description

The auto-update feature of Open Embedded Linux Entertainment Center (OpenELEC) 6.0.3, 7.0.1, and 8.0.4 uses neither encrypted connections nor signed updates. A man-in-the-middle attacker could manipulate the update packages to gain root access remotely.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Openelec/Openelec2 versions
    cpe:2.3:o:openelec:openelec:6.0.3:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:openelec:openelec:6.0.3:*:*:*:*:*:*:*
    • cpe:2.3:o:openelec:openelec:7.0.1:*:*:*:*:*:*:*

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.