2025-12-10 20:55:02
VulnCheck
PUBLISHED
QiHang Media Web Digital Signage 3.0.9 contains a cleartext credentials vulnerability that allows unauthenticated attackers to access administrative login information through an unprotected XML file. Attackers can retrieve hardcoded admin credentials by requesting the /xml/User/User.xml file, enabling direct authentication bypass.