CNNVD-202512-1820 Information

Dec 10, 2025 cve

CNNVD ID

CNNVD-202512-1820

CVE-2020-36884

CNNVD Published: 2025-12-10

Description (Chinese)

BrightSign Digital Signage Diagnostic Web Server是美国BrightSign公司的一个故障诊断和配置工具。 BrightSign Digital Signage Diagnostic Web Server 8.2.26及之前版本存在代码问题漏洞，该漏洞源于Download Speed Test服务的url参数存在服务端请求伪造，可能导致网络枚举攻击。

Description (English)

BrightSign Digital Signage Diagnostic Web Server is a failure diagnosis and configuration tool for BrightSign in the United States. BrightSign Digital Signage Diagnostic Web Server 8.2.26 and previous versions had a code gap, which stemmed from the url parameter of the Download Speeed Test service, which had a service-end request for forgery and could lead to cyber-bomb attacks.

Hazard Level

High

Vulnerability Type

代码问题

Affected Vendor

BrightSign

Published

2025-12-10

Last Modified

2026-02-24

References

https://github.com/zeroscience https://www.brightsign.biz https://www.exploit-db.com/exploits/48843 https://www.vulncheck.com/advisories/brightsign-digital-signage-diagnostic-web-server-unauthenticated-ssrf https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5595.php

Share on: