Cross-Site Request Forgery Vulnerability in P5 FNIP-8x16A FNIP-4xSH
CVE-2020-36906

5.3MEDIUM

Key Information:

Vendor

P5

Status
Fnip-8x16a
Vendor
CVE Published:
6 January 2026

Badges

๐Ÿ‘พ Exploit Exists๐ŸŸก Public PoC

What is CVE-2020-36906?

The P5 FNIP-8x16A FNIP-4xSH version 1.0.20 is vulnerable to cross-site request forgery (CSRF), which allows attackers to execute unauthorized administrative actions. By deceiving a logged-in user into accessing a malicious webpage, an attacker can manipulate the victim's session to create new admin accounts, change existing user passwords, or alter system settings without their consent. This vulnerability poses significant risks by potentially granting attackers unauthorized control over the system.

Affected Version(s)

FNIP-8x16A 1.0.20

FNIP-8x16A 1.0.11

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2020-36906 - Proof of Concept

CVE-2020-36906 - Proof of Concept

References

https://www.exploit-db.com/exploits/48362
exploit
https://www.p5.hu
product
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-55...
third-party-advisory

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

iej1ctk1g
JSON
.
CVE-2020-36906 : Cross-Site Request Forgery Vulnerability in P5 FNIP-8x16A FNIP-4xSH