# Exploit Title: DlxSpot - Player4 LED video wall - Hardcoded Root SSH Password.# Google Dork: "DlxSpot - Player4"# Date: 2017-05-14# Discoverer: Simon Brannstrom# Authors Website: https://unknownpwn.github.io/# Vendor Homepage: http://www.tecnovision.com/# Software Link: n/a# Version: All known versions# Tested on: Linux# About: DlxSpot is the software controlling Tecnovision LED Video Walls all over the world, they are used in football arenas, concert halls, shopping malls, as roadsigns etc.# CVE: CVE-2017-12928# Linked CVE's: CVE-2017-12929, CVE-2017-12930# Visit my github page at https://github.com/unknownpwn/unknownpwn.github.io/blob/master/README.md for complete takeover of the box, from SQLi to root access.###############################################################################################################################
Hardcoded password for all dlxspot players, login with the following credentials via SSH
username: dlxuser
password: tecn0visi0n
Escalate to root with the same password.
TIMELINE:
2017-05-14 - Discovery of vulnerabilities.
2017-05-15 - Contacted Tecnovision through contact form on manufacturer homepage.
2017-06-01 - No response, tried contacting again through several contact forms on homepage.
2017-08-10 - Contacted Common Vulnerabilities and Exposures (CVE) requesting CVE assignment.
2017-08-17 - Three CVE's assigned for the vulnerabilities found.
2017-08-22 - With help from fellow hacker and friend, byt3bl33d3r, sent an email in Italian to the company.
2017-09-18 - No response, full public disclosure.
DEDICATED TO MARCUS ASTROM
FOREVER LOVED - NEVER FORGOTTEN
