Search criteria
1 vulnerability by Tdmsignage
CVE-2020-36916 (GCVE-0-2020-36916)
Vulnerability from cvelistv5 – Published: 2026-01-06 15:52 – Updated: 2026-01-06 19:38
VLAI?
Title
TDM Digital Signage PC Player 4.1.0.4 Privilege Escalation via Insecure Permissions
Summary
TDM Digital Signage PC Player 4.1.0.4 contains an elevation of privileges vulnerability that allows authenticated users to modify executable files. Attackers can leverage the 'Modify' permissions for authenticated users to replace executable files with malicious binaries and gain elevated system access.
Severity ?
CWE
- CWE-732 - Incorrect Permission Assignment for Critical Resource
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Tdmsignage | TDM Digital Signage PC Player |
Affected:
4.1.0.4
|
Credits
LiquidWorm as Gjoko Krstic of Zero Science Lab
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-36916",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-06T19:32:38.963380Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-06T19:38:43.156Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/48953"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "TDM Digital Signage PC Player",
"vendor": "Tdmsignage",
"versions": [
{
"status": "affected",
"version": "4.1.0.4"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "LiquidWorm as Gjoko Krstic of Zero Science Lab"
}
],
"datePublic": "2020-09-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "TDM Digital Signage PC Player 4.1.0.4 contains an elevation of privileges vulnerability that allows authenticated users to modify executable files. Attackers can leverage the \u0027Modify\u0027 permissions for authenticated users to replace executable files with malicious binaries and gain elevated system access."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-06T15:52:24.815Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-48953",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/48953"
},
{
"name": "TDM Digital Signage Official Website",
"tags": [
"product"
],
"url": "https://www.tdmsignage.com"
},
{
"name": "Sony Professional Display Software Product Page",
"tags": [
"product"
],
"url": "https://pro.sony/en_NL/products/display-software/tdm-ds1y-tdm-ds3y"
},
{
"name": "Zero Science Lab Disclosure (ZSL-2020-5604)",
"tags": [
"third-party-advisory"
],
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5604.php"
},
{
"name": "Packet Storm Security Exploit Entry",
"tags": [
"exploit"
],
"url": "https://packetstorm.news/files/id/159723"
},
{
"name": "IBM X-Force Vulnerability Exchange",
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190627"
},
{
"name": "VulnCheck Advisory: TDM Digital Signage PC Player 4.1.0.4 Privilege Escalation via Insecure Permissions",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/tdm-digital-signage-pc-player-privilege-escalation-via-insecure-permissions"
}
],
"title": "TDM Digital Signage PC Player 4.1.0.4 Privilege Escalation via Insecure Permissions",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2020-36916",
"datePublished": "2026-01-06T15:52:24.815Z",
"dateReserved": "2026-01-03T14:10:13.301Z",
"dateUpdated": "2026-01-06T19:38:43.156Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}