VYPR

Openelec

by Openelec

CVEs (3)

  • CVE-2016-2230CriFeb 8, 2016
    risk 0.64cvss 9.8epss 0.04

    OpenELEC and RasPlex devices have a hardcoded password for the root account, which makes it easier for remote attackers to obtain access via an SSH session.

  • CVE-2017-6445HigMar 5, 2017
    risk 0.53cvss 8.1epss 0.01

    The auto-update feature of Open Embedded Linux Entertainment Center (OpenELEC) 6.0.3, 7.0.1, and 8.0.4 uses neither encrypted connections nor signed updates. A man-in-the-middle attacker could manipulate the update packages to gain root access remotely.

  • CVE-2008-6025Feb 3, 2009
    risk 0.03cvss epss 0.02

    Directory traversal vulnerability in scr/form.php in openElec 3.01 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the obj parameter.