CVE-2020-36916

Jan. 6, 2026, 8:15 p.m.

8.5
High

Description

TDM Digital Signage PC Player 4.1.0.4 contains an elevation of privileges vulnerability that allows authenticated users to modify executable files. Attackers can leverage the 'Modify' permissions for authenticated users to replace executable files with malicious binaries and gain elevated system access.

Product(s) Impacted

Vendor Product Versions
Tdm
  • Tdm Digital Signage Pc Player
  • 4.1.0.4

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-732
Incorrect Permission Assignment for Critical Resource
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

*CPE(s)

Affected systems and software identified for this CVE.

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
a tdm tdm_digital_signage_pc_player 4.1.0.4 / / / / / / /

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/190627
https://packetstorm.news/files/id/159723
https://pro.sony/en_NL/products/display-software/tdm-ds1y-tdm-ds3y
https://www.exploit-db.com/exploits/48953
https://www.tdmsignage.com
https://www.vulncheck.com/advisories/tdm-digital-signage-pc-player-privilege-escalation-via-insecure-permissions
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5604.php
https://www.exploit-db.com/exploits/48953

Tags

CWE-732
disclosure@vulncheck.com
2026-01-06
CVE-2020-36916

CVSS Score

8.5 / 10

CVSS Data - 4.0

  • Attack Vector: LOCAL
  • Attack Complexity: LOW
  • Attack Requirements: NONE
  • Privileges Required: LOW
  • User Interaction: NONE
  • Scope:
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH
  • Exploit Maturity: NOT_DEFINED

    • CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    View Vector String

Timeline

Published: Jan. 6, 2026, 4:15 p.m.
Last Modified: Jan. 6, 2026, 8:15 p.m.

Status : Received

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

disclosure@vulncheck.com

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.