CVE-2020-27402

High

7.8/10

Summary

The HK1 Box S905X3 TV Box contains a vulnerability that allows a local unprivileged user to escalate to root using the /system/xbin/su binary via a serial port (UART) connection or using adb.

Attack Complexity: LOW
Attack Vector: LOCAL
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: HIGH
Availability Impact: HIGH

References

Advisory Timeline

Published Nov 05, 2020

CVE-2020-27402

Summary

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS