PT-2025-50517 · Unknown · Qihang Media Web Digital Signage

Published

2025-12-10

Updated

2025-12-11

CVE-2020-36896

CVSS v4.0

8.7

High

Vector

AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions QiHang Media Web Digital Signage version 3.0.9

Description The software contains a flaw where administrative login information is exposed in cleartext. An unauthenticated attacker can access this information by requesting the '/xml/User/User.xml' file. This allows attackers to bypass authentication and gain access to administrative functions. The vulnerable file contains hardcoded admin credentials.

Recommendations Apply a fix to protect the '/xml/User/User.xml' file and prevent unauthorized access to administrative credentials.

Exploit

Fix

Insufficiently Protected Credentials

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-522

Related Identifiers

CVE-2020-36896

Affected Products

Qihang Media Web Digital Signage

PT-2025-50517 · Unknown · Qihang Media Web Digital Signage

CVE-2020-36896

Weakness Enumeration

Related Identifiers

Affected Products

References · 8