From the SANS.org Newsbites:

--OpenELEC Password Vulnerability
(February 2 & 3, 2016)
Carnegie Mellon University's Computer Emergency Response Team Coordination Center (CERT/CC) has published an alert warning of a password vulnerability in the Open Embedded Linux Entertainment Center (OpenELEC) operating system. The flaw also affects RasPlex for Raspberry Pi devices, as it is based on the open-source OpenELEC distribution. A hard-coded root password for the Secure Shell (SSH) encryption protocol could be used to gain root access to vulnerable devices. CERT recommends several mitigations, including disabling SSH passwords access and restricting network access.
http://www.scmagazine.com/cert-poor-password-policy-leaves-openelec-operating-system-v...rticle/470962/
http://www.kb.cert.org/vuls/id/544527