CVE-2020-36884

BrightSign Digital Signage Diagnostic Web Server 8.2.26 and less contains an unauthenticated server-side request forgery vulnerability in the 'url' GET parameter of the Download Speed Test service. Attackers can specify external domains to bypass firewalls and perform network enumeration by forcing the application to make arbitrary HTTP requests to internal network hosts.

CVSS

No CVSS.

References

Link	Resource
https://github.com/zeroscience
https://www.brightsign.biz
https://www.exploit-db.com/exploits/48843
https://www.vulncheck.com/advisories/brightsign-digital-signage-diagnostic-web-server-unauthenticated-ssrf
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5595.php
https://www.exploit-db.com/exploits/48843
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5595.php

Configurations

No configuration.

History

11 Dec 2025, 19:15

Type	Values Removed	Values Added
References	~~() https://www.exploit-db.com/exploits/48843 -~~	() https://www.exploit-db.com/exploits/48843 -
References	~~() https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5595.php -~~	() https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5595.php -

10 Dec 2025, 21:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-12-10 21:16

Updated : 2025-12-12 15:18

NVD link : CVE-2020-36884

Mitre link : CVE-2020-36884

CVE.ORG link : CVE-2020-36884

JSON object : View

Products Affected

No product.

CWE

CWE-918

Server-Side Request Forgery (SSRF)

{"id": "CVE-2020-36884", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.9, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "LOW", "vulnIntegrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "LOW", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "LOW", "vulnConfidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-12-10T21:16:00.650", "references": [{"url": "https://github.com/zeroscience", "source": "disclosure@vulncheck.com"}, {"url": "https://www.brightsign.biz", "source": "disclosure@vulncheck.com"}, {"url": "https://www.exploit-db.com/exploits/48843", "source": "disclosure@vulncheck.com"}, {"url": "https://www.vulncheck.com/advisories/brightsign-digital-signage-diagnostic-web-server-unauthenticated-ssrf", "source": "disclosure@vulncheck.com"}, {"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5595.php", "source": "disclosure@vulncheck.com"}, {"url": "https://www.exploit-db.com/exploits/48843", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}, {"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5595.php", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "description": [{"lang": "en", "value": "CWE-918"}]}], "descriptions": [{"lang": "en", "value": "BrightSign Digital Signage Diagnostic Web Server 8.2.26 and less contains an unauthenticated server-side request forgery vulnerability in the 'url' GET parameter of the Download Speed Test service. Attackers can specify external domains to bypass firewalls and perform network enumeration by forcing the application to make arbitrary HTTP requests to internal network hosts."}], "lastModified": "2025-12-12T15:18:42.140", "sourceIdentifier": "disclosure@vulncheck.com"}