Cross-Site Request Forgery in iDS6 DSSPro Digital Signage System by Yeroo Tech
CVE-2020-36918
Key Information:
- Vendor
Yerootech
- Vendor
- CVE Published:
- 6 January 2026
Badges
What is CVE-2020-36918?
The iDS6 DSSPro Digital Signage System version 6.2 is susceptible to a cross-site request forgery (CSRF) issue that permits attackers to execute administrative functions without proper request validation. This vulnerability arises from insufficient CSRF protections, which allows malicious actors to create deceptive web pages that can trick logged-in administrators into performing unauthorized actions, such as adding new users. Effective measures should be implemented to safeguard against such exploits and ensure the integrity of administrative controls.
Affected Version(s)
iDS6 DSSPro Digital Signage System 6.2 B2014.12.12.1220
iDS6 DSSPro Digital Signage System 5.6 B2017.07.12.1757
iDS6 DSSPro Digital Signage System 4.3
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- ๐ก
Public PoC available
- ๐พ
Exploit known to exist
Vulnerability published
Vulnerability Reserved