BrightSign players running BrightSign OS series 4 prior to v8.5.53.1 or
series 5 prior to v9.0.166 contain an execution with unnecessary
privileges vulnerability, allowing for privilege escalation on the
device once code execution has been obtained.
Credits
Adam Merrill, a member of the Adversarial Modeling and Penetration Testing (AMPT) team at Sandia National Laboratories, reported this vulnerability to CISA.
