CyberSec.Space Logo
Back to CVE Browser

CVE-2018-18929

HIGH
8.8
CVSS Severity Score
EPSS Score0.1450%
EPSS Percentile23.38th
PublishedOct 29, 2019
Last ModifiedNov 21, 2024

Vulnerability Description

The Tightrope Media Carousel Seneca HDn Windows-based appliance 7.0.4.104 is shipped with a default local administrator username and password. This can be found by a limited user account in an "unattend.xml" file left over on the C: drive from the Sysprep process. An attacker with this username and password can leverage it to gain administrator-level access on the system.

Affected Platforms (CPE)

💻
Trms

Seneca Hdn Firmware

<= 7.0.4.104

References & Advisories

🔗 https://www.drewgreen.net/vulnerabilities-in-tightrope-media-systems-carousel/
🔗 https://www.drewgreen.net/vulnerabilities-in-tightrope-media-systems-carousel/

Related Vulnerabilities

CVE-2026-121917.8

A vulnerability was found in Comma AI Openpilot 0.11. This issue affects the function pickle.load/pickle.loads of the file selfdri...

CVE-2026-121905.3

A vulnerability has been found in Genspark AI Workspace App 2.8.4 on Android. This vulnerability affects unknown code of the compo...

CVE-2026-121895.3

A flaw has been found in Moovit Bus & Public Transit App 1.18 on Android. This affects an unknown part of the component com.tranzm...

CVE-2026-121886.3

A vulnerability was detected in Grit42 Grit up to 0.11.0. Affected by this issue is some unknown functionality of the file modules...