PT-2026-1445 · Cayin · Cayin Signage Media Player
Published: 2026-01-06 · Updated: 2026-01-06 · CVE-2020-36910
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Cayin Signage Media Player version 3.0
Description
The software contains an authenticated remote command injection issue in the system.cgi and wizard system.cgi pages. An attacker who logs in with the default credentials can inject input through the NTP Server IP parameter to execute arbitrary shell commands as root.
Recommendations
Apply any available updates to address the issue in the system.cgi and wizard system.cgi pages.
Change the default credentials to prevent unauthorized access.
Restrict access to the system.cgi and wizard system.cgi pages.
As a temporary workaround, avoid using the NTP Server IP parameter.
Exploit
Fix
OS Command Injection
Weakness Enumeration
Related Identifiers
Affected Products
Cayin Signage Media Player