Cross-Site Request Forgery in UBICOD Medivision Digital Signage
CVE-2020-36901

8.6HIGH

Key Information:

Vendor: Ubicod Co., Ltd. | Medivision Inc.
Status: Ubicod Medivision Digital Signage
Vendor: CVE Published:; 10 December 2025

🔔 Create Ubicod Co., Ltd. | Medivision Inc. Vulnerability Alert

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2020-36901?

UBICOD Medivision Digital Signage version 1.5.1 is susceptible to a cross-site request forgery vulnerability that allows attackers to create unauthorized administrative accounts. By crafting a malicious web page, an attacker can submit a request to the /query/user/itSet endpoint unimpeded. The lack of proper request validation makes it possible for these attackers to gain elevated privileges, potentially compromising the security of the entire system.

Affected Version(s)

UBICOD Medivision Digital Signage Firmware 1.5.1 (2013.01.3)

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2020-36901 - Proof of Concept