Vulnerabilities > Openelec

DATE CVE VULNERABILITY TITLE RISK
2017-03-05 CVE-2017-6445 Missing Encryption of Sensitive Data vulnerability in Openelec 6.0.3/7.0.1
The auto-update feature of Open Embedded Linux Entertainment Center (OpenELEC) 6.0.3, 7.0.1, and 8.0.4 uses neither encrypted connections nor signed updates.
network
high complexity
openelec CWE-311
8.1
2016-02-08 CVE-2016-2230 Credentials Management vulnerability in Openelec
OpenELEC and RasPlex devices have a hardcoded password for the root account, which makes it easier for remote attackers to obtain access via an SSH session.
network
low complexity
openelec CWE-255
critical
9.8