CVE-2020-36902 - Vulnerability Details

- UBICOD Medivision Digital Signage 1.5.1 Authorization Bypass via User Privileges

Description

UBICOD Medivision Digital Signage 1.5.1 contains an authorization bypass vulnerability that allows normal users to escalate privileges by manipulating the 'ft[grp]' parameter. Attackers can send a GET request to /html/user with 'ft[grp]' set to integer value '3' to gain super admin rights without authentication.

Published: 2025-12-10

Score: 9.3 Critical

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

UBICOD Co., Ltd. | MEDIVISION INC.

UBICOD Medivision Digital Signage

unaffected

Version	Status	Constraints
`Firmware 1.5.1 (2013.01.3)`	affected	—

Configuration 1 [-]

AND

cpe:2.3:o:medivision:medivision_digital_signage_firmware:1.5.1:*:*:*:*:*:*:*

cpe:2.3:h:medivision:medivision_digital_signage:-:*:*:*:*:*:*:*

No data.

Vendor	Product	Confidence	Versions
Medivision	Digital Signage	—	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00431.

Exploitation poc

Automatable yes

Technical Impact total

References

Link	Providers
http://www.medivision.co.kr
https://www.exploit-db.com/exploits/48684
https://www.vulncheck.com/advisories/ubicod-medivision-digital-signage-authorization-bypass-via-user-privileges
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5575.php

History

Tue, 30 Dec 2025 20:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Medivision medivision Digital Signage Medivision medivision Digital Signage Firmware
CPEs		cpe:2.3:h:medivision:medivision_digital_signage:-:::::::* cpe:2.3:o:medivision:medivision_digital_signage_firmware:1.5.1:::::::*
Vendors & Products		Medivision medivision Digital Signage Medivision medivision Digital Signage Firmware
Metrics		cvssV3_1 `{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}`

Thu, 11 Dec 2025 21:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Medivision Medivision digital Signage
Vendors & Products		Medivision Medivision digital Signage

Thu, 11 Dec 2025 19:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Wed, 10 Dec 2025 21:15:00 +0000

Type	Values Removed	Values Added
Description		UBICOD Medivision Digital Signage 1.5.1 contains an authorization bypass vulnerability that allows normal users to escalate privileges by manipulating the 'ft[grp]' parameter. Attackers can send a GET request to /html/user with 'ft[grp]' set to integer value '3' to gain super admin rights without authentication.
Title		UBICOD Medivision Digital Signage 1.5.1 Authorization Bypass via User Privileges
Weaknesses		CWE-862
References		http://www.medivision.co.kr https://www.exploit-db.com/exploits/48684 https://www.vulncheck.com/advisories/ubicod-medivision-digital-signage-authorization-bypass-via-user-privileges https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5575.php
Metrics		cvssV4_0 `{'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}`

Subscriptions

Medivision Digital Signage Medivision Digital Signage Medivision Digital Signage Firmware

MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published: 2025-12-10T21:05:41.753Z

Updated: 2025-12-11T18:52:29.859Z

Reserved: 2025-12-09T11:46:53.452Z

Link: CVE-2020-36902

Vulnrichment

Updated: 2025-12-11T15:52:29.526Z

NVD

Status : Analyzed

Published: 2025-12-10T21:16:03.037

Modified: 2025-12-30T20:31:06.793

Link: CVE-2020-36902

Redhat

No data.

OpenCVE Enrichment

Updated: 2025-12-11T21:38:15Z

Weaknesses

CWE-862

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation poc

Automatable yes

Technical Impact total

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object