CVE-2020-36896

High CVSS: 8.7

QiHang Media Web Digital Signage 3.0.9 contains a cleartext credentials vulnerability that allows unauthenticated attackers to access administrative login information through an unprotected XML file. Attackers can retrieve hardcoded admin credentials by requesting the '/xml/User/User.xml' file, enabling direct authentication bypass.

Vendor

Howfor

Product

Qihang Media Web Digital Signage

CWE

CWE-522

Yayın Tarihi

2025-12-10 21:16:02

Güncelleme

2025-12-17 19:21:26

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-522 Qihang Media Web Digital Signage HIGH Howfor 2025

Referanslar

http://www.howfor.com https://www.exploit-db.com/exploits/48748 https://www.vulncheck.com/advisories/qihang-media-web-digital-signage-cleartext-credentials-disclosure https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5579.php https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5579.php

Benzer Kayıtlar

Critical

CVE-2020-36897

QiHang Media Web Digital Signage 3.0.9 contains an unauthenticated remote code execution vulnerability in the QH.aspx fi…

High

CVE-2020-36898

QiHang Media Web Digital Signage 3.0.9 contains an unauthenticated file deletion vulnerability in the QH.aspx endpoint t…

High

CVE-2020-36899

QiHang Media Web Digital Signage 3.0.9 contains an unauthenticated file disclosure vulnerability that allows remote atta…