Security Advisory

CVE-2020-36896

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-12-10 20:55:02

Last updated 2025-12-11 18:53:06

Assigner VulnCheck

State PUBLISHED

Description

QiHang Media Web Digital Signage 3.0.9 contains a cleartext credentials vulnerability that allows unauthenticated attackers to access administrative login information through an unprotected XML file. Attackers can retrieve hardcoded admin credentials by requesting the /xml/User/User.xml file, enabling direct authentication bypass.

← Browse all CVEs View on cve.org ↗