Posted by Wolfgang on Mar 06

During my research about update mechanisms of open-source software I
discovered vulnerabilities in OpenElec.

== [ OVERVIEW ] ==

System affected: OpenElec
CVE: CVE-2017-6445
Vulnerable component: auto-update feature
Software-Version: 6.0.3, 7.0.1
User-Interaction: Reboot required
Impact: Remote Code Execution with root permission

== [ PRODUCT DESCRIPTION ] ==

According to its website “Open Embedded Linux…