CVE-2020-36910 (GCVE-0-2020-36910)
Vulnerability from cvelistv5 – Published: 2026-01-06 15:52 – Updated: 2026-01-06 19:32
VLAI
Title
Cayin Signage Media Player 3.0 Authenticated Remote Command Injection via NTP Parameter
Summary
Cayin Signage Media Player 3.0 contains an authenticated remote command injection vulnerability in system.cgi and wizard_system.cgi pages. Attackers can exploit the 'NTP_Server_IP' parameter with default credentials to execute arbitrary shell commands as root.
Severity
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/48557 | exploit |
| https://www.cayintech.com | product |
| https://www.zeroscience.mk/en/vulnerabilities/ZSL… | third-party-advisory |
| https://packetstorm.news/files/id/157942 | exploit |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entry |
| https://cxsecurity.com/issue/WLB-2020060049 | exploit |
| https://www.vulncheck.com/advisories/cayin-signag… | third-party-advisory |
Impacted products
19 products
| Vendor | Product | Version | |
|---|---|---|---|
| CAYIN Technology | SMP-8000QD |
Affected:
3.0
|
|
| CAYIN Technology | SMP-8000 |
Affected:
3.0
|
|
| CAYIN Technology | SMP-6000 |
Affected:
3.0 Build 19025
Affected: 1.0 Build 14246 Affected: 1.0 Build 14199 Affected: 1.0 Build 14167 Affected: 1.0 Build 14097 Affected: 1.0 Build 14090 Affected: 1.0 Build 14069 Affected: 1.0 Build 14062 |
|
| CAYIN Technology | SMP-4000 |
Affected:
1.0 Build 14098
Affected: 1.0 Build 14092 Affected: 1.0 Build 14087 |
|
| CAYIN Technology | SMP-2310 |
Affected:
3.0
|
|
| CAYIN Technology | SMP-2300 |
Affected:
3.0 Build 19316
|
|
| CAYIN Technology | SMP-2210 |
Affected:
3.0 Build 19025
|
|
| CAYIN Technology | SMP-2200 |
Affected:
3.0 Build 19029
Affected: 3.0 Build 19025 |
|
| CAYIN Technology | SMP-2100 |
Affected:
10.0 Build 16228
Affected: 3.0 |
|
| CAYIN Technology | SMP-2000 |
Affected:
1.0 Build 14167
Affected: 1.0 Build 14087 |
|
| CAYIN Technology | SMP-1000 |
Affected:
1.0 Build 14099
|
|
| CAYIN Technology | SMP-PROPLUS |
Affected:
1.5 Build 10081
|
|
| CAYIN Technology | SMP-WEBPLUS |
Affected:
6.5 Build 11126
|
|
| CAYIN Technology | SMP-WEB4 |
Affected:
2.0 Build 13073
Affected: 2.0 Build 11175 Affected: 1.5 Build 11476 Affected: 1.5 Build 11126 Affected: 1.0 Build 10301 |
|
| CAYIN Technology | SMP-300 |
Affected:
1.0 Build 14177
|
|
| CAYIN Technology | SMP-200 |
Affected:
1.0 Build 13080
Affected: 1.0 Build 12331 |
|
| CAYIN Technology | SMP-PRO4 |
Affected:
1.0
|
|
| CAYIN Technology | SMP-NEO2 |
Affected:
1.0
|
|
| CAYIN Technology | SMP-NEO |
Affected:
1.0
|
Date Public
2020-06-04 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-36910",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-06T19:31:33.067714Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-06T19:32:13.853Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "SMP-8000QD",
"vendor": "CAYIN Technology",
"versions": [
{
"status": "affected",
"version": "3.0"
}
]
},
{
"product": "SMP-8000",
"vendor": "CAYIN Technology",
"versions": [
{
"status": "affected",
"version": "3.0"
}
]
},
{
"product": "SMP-6000",
"vendor": "CAYIN Technology",
"versions": [
{
"status": "affected",
"version": "3.0 Build 19025"
},
{
"status": "affected",
"version": "1.0 Build 14246"
},
{
"status": "affected",
"version": "1.0 Build 14199"
},
{
"status": "affected",
"version": "1.0 Build 14167"
},
{
"status": "affected",
"version": "1.0 Build 14097"
},
{
"status": "affected",
"version": "1.0 Build 14090"
},
{
"status": "affected",
"version": "1.0 Build 14069"
},
{
"status": "affected",
"version": "1.0 Build 14062"
}
]
},
{
"product": "SMP-4000",
"vendor": "CAYIN Technology",
"versions": [
{
"status": "affected",
"version": "1.0 Build 14098"
},
{
"status": "affected",
"version": "1.0 Build 14092"
},
{
"status": "affected",
"version": "1.0 Build 14087"
}
]
},
{
"product": "SMP-2310",
"vendor": "CAYIN Technology",
"versions": [
{
"status": "affected",
"version": "3.0"
}
]
},
{
"product": "SMP-2300",
"vendor": "CAYIN Technology",
"versions": [
{
"status": "affected",
"version": "3.0 Build 19316"
}
]
},
{
"product": "SMP-2210",
"vendor": "CAYIN Technology",
"versions": [
{
"status": "affected",
"version": "3.0 Build 19025"
}
]
},
{
"product": "SMP-2200",
"vendor": "CAYIN Technology",
"versions": [
{
"status": "affected",
"version": "3.0 Build 19029"
},
{
"status": "affected",
"version": "3.0 Build 19025"
}
]
},
{
"product": "SMP-2100",
"vendor": "CAYIN Technology",
"versions": [
{
"status": "affected",
"version": "10.0 Build 16228"
},
{
"status": "affected",
"version": "3.0"
}
]
},
{
"product": "SMP-2000",
"vendor": "CAYIN Technology",
"versions": [
{
"status": "affected",
"version": "1.0 Build 14167"
},
{
"status": "affected",
"version": "1.0 Build 14087"
}
]
},
{
"product": "SMP-1000",
"vendor": "CAYIN Technology",
"versions": [
{
"status": "affected",
"version": "1.0 Build 14099"
}
]
},
{
"product": "SMP-PROPLUS",
"vendor": "CAYIN Technology",
"versions": [
{
"status": "affected",
"version": "1.5 Build 10081"
}
]
},
{
"product": "SMP-WEBPLUS",
"vendor": "CAYIN Technology",
"versions": [
{
"status": "affected",
"version": "6.5 Build 11126"
}
]
},
{
"product": "SMP-WEB4",
"vendor": "CAYIN Technology",
"versions": [
{
"status": "affected",
"version": "2.0 Build 13073"
},
{
"status": "affected",
"version": "2.0 Build 11175"
},
{
"status": "affected",
"version": "1.5 Build 11476"
},
{
"status": "affected",
"version": "1.5 Build 11126"
},
{
"status": "affected",
"version": "1.0 Build 10301"
}
]
},
{
"product": "SMP-300",
"vendor": "CAYIN Technology",
"versions": [
{
"status": "affected",
"version": "1.0 Build 14177"
}
]
},
{
"product": "SMP-200",
"vendor": "CAYIN Technology",
"versions": [
{
"status": "affected",
"version": "1.0 Build 13080"
},
{
"status": "affected",
"version": "1.0 Build 12331"
}
]
},
{
"product": "SMP-PRO4",
"vendor": "CAYIN Technology",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
},
{
"product": "SMP-NEO2",
"vendor": "CAYIN Technology",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
},
{
"product": "SMP-NEO",
"vendor": "CAYIN Technology",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "LiquidWorm as Gjoko Krstic of Zero Science Lab"
}
],
"datePublic": "2020-06-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cayin Signage Media Player 3.0 contains an authenticated remote command injection vulnerability in system.cgi and wizard_system.cgi pages. Attackers can exploit the \u0027NTP_Server_IP\u0027 parameter with default credentials to execute arbitrary shell commands as root."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-06T15:52:22.576Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-48557",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/48557"
},
{
"name": "Cayin Technology Official Website",
"tags": [
"product"
],
"url": "https://www.cayintech.com"
},
{
"name": "Zero Science Lab Disclosure (ZSL-2020-5569)",
"tags": [
"third-party-advisory"
],
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5569.php"
},
{
"name": "Packet Storm Security Exploit Entry",
"tags": [
"exploit"
],
"url": "https://packetstorm.news/files/id/157942"
},
{
"name": "IBM X-Force Vulnerability Exchange",
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/182924"
},
{
"name": "CXSecurity Vulnerability Listing",
"tags": [
"exploit"
],
"url": "https://cxsecurity.com/issue/WLB-2020060049"
},
{
"name": "VulnCheck Advisory: Cayin Signage Media Player 3.0 Authenticated Remote Command Injection via NTP Parameter",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/cayin-signage-media-player-authenticated-remote-command-injection-via-ntp-parameter"
}
],
"title": "Cayin Signage Media Player 3.0 Authenticated Remote Command Injection via NTP Parameter",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2020-36910",
"datePublished": "2026-01-06T15:52:22.576Z",
"dateReserved": "2026-01-03T14:10:13.300Z",
"dateUpdated": "2026-01-06T19:32:13.853Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2020-36910",
"date": "2026-05-29",
"epss": "0.00533",
"percentile": "0.67654"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2020-36910\",\"sourceIdentifier\":\"disclosure@vulncheck.com\",\"published\":\"2026-01-06T16:15:46.847\",\"lastModified\":\"2026-01-08T18:09:23.230\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Cayin Signage Media Player 3.0 contains an authenticated remote command injection vulnerability in system.cgi and wizard_system.cgi pages. Attackers can exploit the \u0027NTP_Server_IP\u0027 parameter with default credentials to execute arbitrary shell commands as root.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"disclosure@vulncheck.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":8.7,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"HIGH\",\"vulnIntegrityImpact\":\"HIGH\",\"vulnAvailabilityImpact\":\"HIGH\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"disclosure@vulncheck.com\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"disclosure@vulncheck.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-78\"}]}],\"references\":[{\"url\":\"https://cxsecurity.com/issue/WLB-2020060049\",\"source\":\"disclosure@vulncheck.com\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/182924\",\"source\":\"disclosure@vulncheck.com\"},{\"url\":\"https://packetstorm.news/files/id/157942\",\"source\":\"disclosure@vulncheck.com\"},{\"url\":\"https://www.cayintech.com\",\"source\":\"disclosure@vulncheck.com\"},{\"url\":\"https://www.exploit-db.com/exploits/48557\",\"source\":\"disclosure@vulncheck.com\"},{\"url\":\"https://www.vulncheck.com/advisories/cayin-signage-media-player-authenticated-remote-command-injection-via-ntp-parameter\",\"source\":\"disclosure@vulncheck.com\"},{\"url\":\"https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5569.php\",\"source\":\"disclosure@vulncheck.com\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2020-36910\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-01-06T19:31:33.067714Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-01-06T19:32:01.236Z\"}}], \"cna\": {\"title\": \"Cayin Signage Media Player 3.0 Authenticated Remote Command Injection via NTP Parameter\", \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"LiquidWorm as Gjoko Krstic of Zero Science Lab\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 8.7, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N\", \"exploitMaturity\": \"NOT_DEFINED\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"LOW\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"HIGH\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"HIGH\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"HIGH\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}}, {\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"CAYIN Technology\", \"product\": \"SMP-8000QD\", \"versions\": [{\"status\": \"affected\", \"version\": \"3.0\"}]}, {\"vendor\": \"CAYIN Technology\", \"product\": \"SMP-8000\", \"versions\": [{\"status\": \"affected\", \"version\": \"3.0\"}]}, {\"vendor\": \"CAYIN Technology\", \"product\": \"SMP-6000\", \"versions\": [{\"status\": \"affected\", \"version\": \"3.0 Build 19025\"}, {\"status\": \"affected\", \"version\": \"1.0 Build 14246\"}, {\"status\": \"affected\", \"version\": \"1.0 Build 14199\"}, {\"status\": \"affected\", \"version\": \"1.0 Build 14167\"}, {\"status\": \"affected\", \"version\": \"1.0 Build 14097\"}, {\"status\": \"affected\", \"version\": \"1.0 Build 14090\"}, {\"status\": \"affected\", \"version\": \"1.0 Build 14069\"}, {\"status\": \"affected\", \"version\": \"1.0 Build 14062\"}]}, {\"vendor\": \"CAYIN Technology\", \"product\": \"SMP-4000\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0 Build 14098\"}, {\"status\": \"affected\", \"version\": \"1.0 Build 14092\"}, {\"status\": \"affected\", \"version\": \"1.0 Build 14087\"}]}, {\"vendor\": \"CAYIN Technology\", \"product\": \"SMP-2310\", \"versions\": [{\"status\": \"affected\", \"version\": \"3.0\"}]}, {\"vendor\": \"CAYIN Technology\", \"product\": \"SMP-2300\", \"versions\": [{\"status\": \"affected\", \"version\": \"3.0 Build 19316\"}]}, {\"vendor\": \"CAYIN Technology\", \"product\": \"SMP-2210\", \"versions\": [{\"status\": \"affected\", \"version\": \"3.0 Build 19025\"}]}, {\"vendor\": \"CAYIN Technology\", \"product\": \"SMP-2200\", \"versions\": [{\"status\": \"affected\", \"version\": \"3.0 Build 19029\"}, {\"status\": \"affected\", \"version\": \"3.0 Build 19025\"}]}, {\"vendor\": \"CAYIN Technology\", \"product\": \"SMP-2100\", \"versions\": [{\"status\": \"affected\", \"version\": \"10.0 Build 16228\"}, {\"status\": \"affected\", \"version\": \"3.0\"}]}, {\"vendor\": \"CAYIN Technology\", \"product\": \"SMP-2000\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0 Build 14167\"}, {\"status\": \"affected\", \"version\": \"1.0 Build 14087\"}]}, {\"vendor\": \"CAYIN Technology\", \"product\": \"SMP-1000\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0 Build 14099\"}]}, {\"vendor\": \"CAYIN Technology\", \"product\": \"SMP-PROPLUS\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.5 Build 10081\"}]}, {\"vendor\": \"CAYIN Technology\", \"product\": \"SMP-WEBPLUS\", \"versions\": [{\"status\": \"affected\", \"version\": \"6.5 Build 11126\"}]}, {\"vendor\": \"CAYIN Technology\", \"product\": \"SMP-WEB4\", \"versions\": [{\"status\": \"affected\", \"version\": \"2.0 Build 13073\"}, {\"status\": \"affected\", \"version\": \"2.0 Build 11175\"}, {\"status\": \"affected\", \"version\": \"1.5 Build 11476\"}, {\"status\": \"affected\", \"version\": \"1.5 Build 11126\"}, {\"status\": \"affected\", \"version\": \"1.0 Build 10301\"}]}, {\"vendor\": \"CAYIN Technology\", \"product\": \"SMP-300\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0 Build 14177\"}]}, {\"vendor\": \"CAYIN Technology\", \"product\": \"SMP-200\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0 Build 13080\"}, {\"status\": \"affected\", \"version\": \"1.0 Build 12331\"}]}, {\"vendor\": \"CAYIN Technology\", \"product\": \"SMP-PRO4\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0\"}]}, {\"vendor\": \"CAYIN Technology\", \"product\": \"SMP-NEO2\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0\"}]}, {\"vendor\": \"CAYIN Technology\", \"product\": \"SMP-NEO\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0\"}]}], \"datePublic\": \"2020-06-04T00:00:00.000Z\", \"references\": [{\"url\": \"https://www.exploit-db.com/exploits/48557\", \"name\": \"ExploitDB-48557\", \"tags\": [\"exploit\"]}, {\"url\": \"https://www.cayintech.com\", \"name\": \"Cayin Technology Official Website\", \"tags\": [\"product\"]}, {\"url\": \"https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5569.php\", \"name\": \"Zero Science Lab Disclosure (ZSL-2020-5569)\", \"tags\": [\"third-party-advisory\"]}, {\"url\": \"https://packetstorm.news/files/id/157942\", \"name\": \"Packet Storm Security Exploit Entry\", \"tags\": [\"exploit\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/182924\", \"name\": \"IBM X-Force Vulnerability Exchange\", \"tags\": [\"vdb-entry\"]}, {\"url\": \"https://cxsecurity.com/issue/WLB-2020060049\", \"name\": \"CXSecurity Vulnerability Listing\", \"tags\": [\"exploit\"]}, {\"url\": \"https://www.vulncheck.com/advisories/cayin-signage-media-player-authenticated-remote-command-injection-via-ntp-parameter\", \"name\": \"VulnCheck Advisory: Cayin Signage Media Player 3.0 Authenticated Remote Command Injection via NTP Parameter\", \"tags\": [\"third-party-advisory\"]}], \"x_generator\": {\"engine\": \"vulncheck\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Cayin Signage Media Player 3.0 contains an authenticated remote command injection vulnerability in system.cgi and wizard_system.cgi pages. Attackers can exploit the \u0027NTP_Server_IP\u0027 parameter with default credentials to execute arbitrary shell commands as root.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-78\", \"description\": \"Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"83251b91-4cc7-4094-a5c7-464a1b83ea10\", \"shortName\": \"VulnCheck\", \"dateUpdated\": \"2026-01-06T15:52:22.576Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2020-36910\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-01-06T19:32:13.853Z\", \"dateReserved\": \"2026-01-03T14:10:13.300Z\", \"assignerOrgId\": \"83251b91-4cc7-4094-a5c7-464a1b83ea10\", \"datePublished\": \"2026-01-06T15:52:22.576Z\", \"assignerShortName\": \"VulnCheck\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…