Search criteria
4 vulnerabilities found for QiHang Media Web Digital Signage by Shenzhen Xingmeng Qihang Media Co., Ltd.Guangzhou Hefeng Automation Technology Co., Ltd.
CVE-2020-36898 (GCVE-0-2020-36898)
Vulnerability from nvd – Published: 2025-12-10 21:03 – Updated: 2025-12-11 18:52
VLAI?
Title
QiHang Media Web Digital Signage 3.0.9 Unauthenticated Arbitrary File Deletion
Summary
QiHang Media Web Digital Signage 3.0.9 contains an unauthenticated file deletion vulnerability in the QH.aspx endpoint that allows remote attackers to delete files without authentication. Attackers can exploit the 'data' parameter by sending a POST request with file paths to delete arbitrary files with web server permissions using directory traversal sequences.
Severity ?
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Shenzhen Xingmeng Qihang Media Co., Ltd.Guangzhou Hefeng Automation Technology Co., Ltd. | QiHang Media Web Digital Signage |
Affected:
3.0.9
|
Credits
LiquidWorm as Gjoko Krstic of Zero Science Lab
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-36898",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-11T15:53:25.341220Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-11T18:52:53.386Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5580.php"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "QiHang Media Web Digital Signage",
"vendor": "Shenzhen Xingmeng Qihang Media Co., Ltd.Guangzhou Hefeng Automation Technology Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "3.0.9"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "LiquidWorm as Gjoko Krstic of Zero Science Lab"
}
],
"datePublic": "2020-08-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eQiHang Media Web Digital Signage 3.0.9 contains an unauthenticated file deletion vulnerability in the QH.aspx endpoint that allows remote attackers to delete files without authentication. Attackers can exploit the \u0027data\u0027 parameter by sending a POST request with file paths to delete arbitrary files with web server permissions using directory traversal sequences.\u003c/p\u003e"
}
],
"value": "QiHang Media Web Digital Signage 3.0.9 contains an unauthenticated file deletion vulnerability in the QH.aspx endpoint that allows remote attackers to delete files without authentication. Attackers can exploit the \u0027data\u0027 parameter by sending a POST request with file paths to delete arbitrary files with web server permissions using directory traversal sequences."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-10T21:03:26.361Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-48749",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/48749"
},
{
"name": "Official Product Homepage",
"tags": [
"product"
],
"url": "http://www.howfor.com"
},
{
"name": "Vendor Security Advisory for ZSL-2020-5580",
"tags": [
"vendor-advisory",
"vdb-entry"
],
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5580.php"
},
{
"name": "VulnCheck Advisory: QiHang Media Web Digital Signage 3.0.9 Unauthenticated Arbitrary File Deletion",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/qihang-media-web-digital-signage-unauthenticated-arbitrary-file-deletion"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "QiHang Media Web Digital Signage 3.0.9 Unauthenticated Arbitrary File Deletion",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2020-36898",
"datePublished": "2025-12-10T21:03:26.361Z",
"dateReserved": "2025-12-09T11:46:53.452Z",
"dateUpdated": "2025-12-11T18:52:53.386Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2020-36896 (GCVE-0-2020-36896)
Vulnerability from nvd – Published: 2025-12-10 20:55 – Updated: 2025-12-11 18:53
VLAI?
Title
QiHang Media Web Digital Signage 3.0.9 Cleartext Credentials Disclosure
Summary
QiHang Media Web Digital Signage 3.0.9 contains a cleartext credentials vulnerability that allows unauthenticated attackers to access administrative login information through an unprotected XML file. Attackers can retrieve hardcoded admin credentials by requesting the '/xml/User/User.xml' file, enabling direct authentication bypass.
Severity ?
CWE
- CWE-522 - Insufficiently Protected Credentials
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Shenzhen Xingmeng Qihang Media Co., Ltd.Guangzhou Hefeng Automation Technology Co., Ltd. | QiHang Media Web Digital Signage |
Affected:
3.0.9
|
Credits
LiquidWorm as Gjoko Krstic of Zero Science Lab
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-36896",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-11T15:54:05.839313Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-11T18:53:06.885Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5579.php"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "QiHang Media Web Digital Signage",
"vendor": "Shenzhen Xingmeng Qihang Media Co., Ltd.Guangzhou Hefeng Automation Technology Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "3.0.9"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "LiquidWorm as Gjoko Krstic of Zero Science Lab"
}
],
"datePublic": "2020-08-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eQiHang Media Web Digital Signage 3.0.9 contains a cleartext credentials vulnerability that allows unauthenticated attackers to access administrative login information through an unprotected XML file. Attackers can retrieve hardcoded admin credentials by requesting the \u0027/xml/User/User.xml\u0027 file, enabling direct authentication bypass.\u003c/p\u003e"
}
],
"value": "QiHang Media Web Digital Signage 3.0.9 contains a cleartext credentials vulnerability that allows unauthenticated attackers to access administrative login information through an unprotected XML file. Attackers can retrieve hardcoded admin credentials by requesting the \u0027/xml/User/User.xml\u0027 file, enabling direct authentication bypass."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522: Insufficiently Protected Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-10T20:55:02.794Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-48748",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/48748"
},
{
"name": "Official Product Homepage",
"tags": [
"product"
],
"url": "http://www.howfor.com"
},
{
"name": "Vendor Security Advisory for ZSL-2020-5579",
"tags": [
"vendor-advisory",
"vdb-entry"
],
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5579.php"
},
{
"name": "VulnCheck Advisory: QiHang Media Web Digital Signage 3.0.9 Cleartext Credentials Disclosure",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/qihang-media-web-digital-signage-cleartext-credentials-disclosure"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "QiHang Media Web Digital Signage 3.0.9 Cleartext Credentials Disclosure",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2020-36896",
"datePublished": "2025-12-10T20:55:02.794Z",
"dateReserved": "2025-12-09T11:46:53.452Z",
"dateUpdated": "2025-12-11T18:53:06.885Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2020-36898 (GCVE-0-2020-36898)
Vulnerability from cvelistv5 – Published: 2025-12-10 21:03 – Updated: 2025-12-11 18:52
VLAI?
Title
QiHang Media Web Digital Signage 3.0.9 Unauthenticated Arbitrary File Deletion
Summary
QiHang Media Web Digital Signage 3.0.9 contains an unauthenticated file deletion vulnerability in the QH.aspx endpoint that allows remote attackers to delete files without authentication. Attackers can exploit the 'data' parameter by sending a POST request with file paths to delete arbitrary files with web server permissions using directory traversal sequences.
Severity ?
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Shenzhen Xingmeng Qihang Media Co., Ltd.Guangzhou Hefeng Automation Technology Co., Ltd. | QiHang Media Web Digital Signage |
Affected:
3.0.9
|
Credits
LiquidWorm as Gjoko Krstic of Zero Science Lab
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-36898",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-11T15:53:25.341220Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-11T18:52:53.386Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5580.php"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "QiHang Media Web Digital Signage",
"vendor": "Shenzhen Xingmeng Qihang Media Co., Ltd.Guangzhou Hefeng Automation Technology Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "3.0.9"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "LiquidWorm as Gjoko Krstic of Zero Science Lab"
}
],
"datePublic": "2020-08-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eQiHang Media Web Digital Signage 3.0.9 contains an unauthenticated file deletion vulnerability in the QH.aspx endpoint that allows remote attackers to delete files without authentication. Attackers can exploit the \u0027data\u0027 parameter by sending a POST request with file paths to delete arbitrary files with web server permissions using directory traversal sequences.\u003c/p\u003e"
}
],
"value": "QiHang Media Web Digital Signage 3.0.9 contains an unauthenticated file deletion vulnerability in the QH.aspx endpoint that allows remote attackers to delete files without authentication. Attackers can exploit the \u0027data\u0027 parameter by sending a POST request with file paths to delete arbitrary files with web server permissions using directory traversal sequences."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-10T21:03:26.361Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-48749",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/48749"
},
{
"name": "Official Product Homepage",
"tags": [
"product"
],
"url": "http://www.howfor.com"
},
{
"name": "Vendor Security Advisory for ZSL-2020-5580",
"tags": [
"vendor-advisory",
"vdb-entry"
],
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5580.php"
},
{
"name": "VulnCheck Advisory: QiHang Media Web Digital Signage 3.0.9 Unauthenticated Arbitrary File Deletion",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/qihang-media-web-digital-signage-unauthenticated-arbitrary-file-deletion"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "QiHang Media Web Digital Signage 3.0.9 Unauthenticated Arbitrary File Deletion",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2020-36898",
"datePublished": "2025-12-10T21:03:26.361Z",
"dateReserved": "2025-12-09T11:46:53.452Z",
"dateUpdated": "2025-12-11T18:52:53.386Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2020-36896 (GCVE-0-2020-36896)
Vulnerability from cvelistv5 – Published: 2025-12-10 20:55 – Updated: 2025-12-11 18:53
VLAI?
Title
QiHang Media Web Digital Signage 3.0.9 Cleartext Credentials Disclosure
Summary
QiHang Media Web Digital Signage 3.0.9 contains a cleartext credentials vulnerability that allows unauthenticated attackers to access administrative login information through an unprotected XML file. Attackers can retrieve hardcoded admin credentials by requesting the '/xml/User/User.xml' file, enabling direct authentication bypass.
Severity ?
CWE
- CWE-522 - Insufficiently Protected Credentials
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Shenzhen Xingmeng Qihang Media Co., Ltd.Guangzhou Hefeng Automation Technology Co., Ltd. | QiHang Media Web Digital Signage |
Affected:
3.0.9
|
Credits
LiquidWorm as Gjoko Krstic of Zero Science Lab
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-36896",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-11T15:54:05.839313Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-11T18:53:06.885Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5579.php"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "QiHang Media Web Digital Signage",
"vendor": "Shenzhen Xingmeng Qihang Media Co., Ltd.Guangzhou Hefeng Automation Technology Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "3.0.9"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "LiquidWorm as Gjoko Krstic of Zero Science Lab"
}
],
"datePublic": "2020-08-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eQiHang Media Web Digital Signage 3.0.9 contains a cleartext credentials vulnerability that allows unauthenticated attackers to access administrative login information through an unprotected XML file. Attackers can retrieve hardcoded admin credentials by requesting the \u0027/xml/User/User.xml\u0027 file, enabling direct authentication bypass.\u003c/p\u003e"
}
],
"value": "QiHang Media Web Digital Signage 3.0.9 contains a cleartext credentials vulnerability that allows unauthenticated attackers to access administrative login information through an unprotected XML file. Attackers can retrieve hardcoded admin credentials by requesting the \u0027/xml/User/User.xml\u0027 file, enabling direct authentication bypass."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522: Insufficiently Protected Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-10T20:55:02.794Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-48748",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/48748"
},
{
"name": "Official Product Homepage",
"tags": [
"product"
],
"url": "http://www.howfor.com"
},
{
"name": "Vendor Security Advisory for ZSL-2020-5579",
"tags": [
"vendor-advisory",
"vdb-entry"
],
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5579.php"
},
{
"name": "VulnCheck Advisory: QiHang Media Web Digital Signage 3.0.9 Cleartext Credentials Disclosure",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/qihang-media-web-digital-signage-cleartext-credentials-disclosure"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "QiHang Media Web Digital Signage 3.0.9 Cleartext Credentials Disclosure",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2020-36896",
"datePublished": "2025-12-10T20:55:02.794Z",
"dateReserved": "2025-12-09T11:46:53.452Z",
"dateUpdated": "2025-12-11T18:53:06.885Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}