HIGH
Openelec
CVE published 2017-03-05
CVE-2017-6445
CVE-2017-6445 describes a weakness in OpenELEC's auto-update feature where update traffic was neither encrypted nor signed. According to the CVE record, a man-in-the-middle attacker could tamper with update packages and gain remote root access.