Vulnerability Description
The HK1 Box S905X3 TV Box contains a vulnerability that allows a local unprivileged user to escalate to root using the /system/xbin/su binary via a serial port (UART) connection or using adb.
CVSS Score
7.8
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Hindotech | Hk1 Box S905X3 Firmware | hk1_x3_s905x3_4bit_v11_2019-11-05 |
| Hindotech | Hk1 Box S905X3 | - |
References
- https://github.com/sickcodes/security/blob/master/advisories/SICK-2020-004.mdExploitThird Party Advisory
- https://sick.codes/sick-2020-004/ExploitThird Party Advisory
- https://threatpost.com/authentication-bug-android-smart-tv-data-theft/160025/Third Party Advisory
- https://www.cybersecurity-help.cz/vdb/SB2020101404Third Party Advisory
- https://www.securitylab.ru/news/513051.phpThird Party Advisory
- https://github.com/sickcodes/security/blob/master/advisories/SICK-2020-004.mdExploitThird Party Advisory
- https://sick.codes/sick-2020-004/ExploitThird Party Advisory
- https://threatpost.com/authentication-bug-android-smart-tv-data-theft/160025/Third Party Advisory
- https://www.cybersecurity-help.cz/vdb/SB2020101404Third Party Advisory
- https://www.securitylab.ru/news/513051.phpThird Party Advisory
FAQ
What is CVE-2020-27402?
CVE-2020-27402 is a vulnerability with a CVSS score of 7.8 (HIGH). The HK1 Box S905X3 TV Box contains a vulnerability that allows a local unprivileged user to escalate to root using the /system/xbin/su binary via a serial port (UART) connection or using adb.
How severe is CVE-2020-27402?
CVE-2020-27402 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-27402?
Check the references section above for vendor advisories and patch information. Affected products include: Hindotech Hk1 Box S905X3 Firmware, Hindotech Hk1 Box S905X3.