Vulnerabilities > CVE-2020-27402 - Unspecified vulnerability in Hindotech HK1 BOX S905X3 Firmware Hk1X3S905X34Bitv1120191105
Attack vector
LOCAL Attack complexity
LOW Privileges required
LOW Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
The HK1 Box S905X3 TV Box contains a vulnerability that allows a local unprivileged user to escalate to root using the /system/xbin/su binary via a serial port (UART) connection or using adb.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | 1 | |
Hardware | 1 |
References
- https://github.com/sickcodes/security/blob/master/advisories/SICK-2020-004.md
- https://github.com/sickcodes/security/blob/master/advisories/SICK-2020-004.md
- https://sick.codes/sick-2020-004/
- https://sick.codes/sick-2020-004/
- https://threatpost.com/authentication-bug-android-smart-tv-data-theft/160025/
- https://threatpost.com/authentication-bug-android-smart-tv-data-theft/160025/
- https://www.cybersecurity-help.cz/vdb/SB2020101404
- https://www.cybersecurity-help.cz/vdb/SB2020101404
- https://www.securitylab.ru/news/513051.php
- https://www.securitylab.ru/news/513051.php