High severity8.1NVD Advisory· Published Mar 5, 2017· Updated Jun 17, 2026
CVE-2017-6445
CVE-2017-6445
Description
The auto-update feature of Open Embedded Linux Entertainment Center (OpenELEC) 6.0.3, 7.0.1, and 8.0.4 uses neither encrypted connections nor signed updates. A man-in-the-middle attacker could manipulate the update packages to gain root access remotely.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
3- tech.feedyourhead.at/content/openelec-remote-code-execution-vulnerability-through-man-in-the-middlenvdExploitTechnical DescriptionThird Party Advisory
- www.securityfocus.com/bid/96580nvd
- tech.feedyourhead.at/content/openelec-cve-2017-6445-revisitednvd
News mentions
0No linked articles in our index yet.