CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2020-36902

UBICOD Medivision Digital Signage 1.5.1 contains an authorization bypass vulnerability that allows normal users to escalate privileges by manipulating the 'ft[grp]' parameter. Attackers can send a GET request to /html/user with 'ft[grp]' set to integer value '3' to gain super admin rights without authentication.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 33.8%

CVSS Severity

CVSS v3 Score 9.8

References

http://www.medivision.co.kr
https://www.exploit-db.com/exploits/48684
https://www.vulncheck.com/advisories/ubicod-medivision-digital-signage-authorization-bypass-via-user-privileges
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5575.php
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5575.php

Products affected by CVE-2020-36902

Medivision » Medivision Digital Signage » Version: N/A

cpe:2.3:h:medivision:medivision_digital_signage:-
Medivision » Medivision Digital Signage Firmware » Version: 1.5.1

cpe:2.3:o:medivision:medivision_digital_signage_firmware:1.5.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-36902

Products

Pricing

Contact Us