CVE-2020-36904

Name of the Vulnerable Software and Affected Versions Selea CarPlateServer version 4.0.1.6

Description An issue allows attackers to execute arbitrary Windows binaries by manipulating the NO LIST EXE PATH configuration parameter. Authentication can be bypassed via the '/cps/' endpoint, enabling unauthorized modification of server configurations, such as changing administrator passwords and executing system commands.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.