CVE-2020-36892

Eibiz i-Media Server Digital Signage 3.8.0 contains an unauthenticated privilege escalation vulnerability in the updateUser object that allows attackers to modify user roles. Attackers can exploit the /messagebroker/amf endpoint to elevate privileges and take over user accounts by manipulating role settings without authentication.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
http://www.eibiz.co.th	Broken Link
https://www.exploit-db.com/exploits/48774	Exploit Third Party Advisory VDB Entry
https://www.vulncheck.com/advisories/eibiz-i-media-server-digital-signage-unauthenticated-privilege-escalation	Third Party Advisory
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5584.php	Exploit Third Party Advisory
https://www.exploit-db.com/exploits/48774	Exploit Third Party Advisory VDB Entry
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5584.php	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:eibiz:i-media_server_digital_signage:3.8.0:*:*:*:*:*:*:*

History

17 Dec 2025, 16:38

Type	Values Removed	Values Added
References	~~() http://www.eibiz.co.th -~~	() http://www.eibiz.co.th - Broken Link
References	~~() https://www.exploit-db.com/exploits/48774 -~~	() https://www.exploit-db.com/exploits/48774 - Exploit, Third Party Advisory, VDB Entry
References	~~() https://www.vulncheck.com/advisories/eibiz-i-media-server-digital-signage-unauthenticated-privilege-escalation -~~	() https://www.vulncheck.com/advisories/eibiz-i-media-server-digital-signage-unauthenticated-privilege-escalation - Third Party Advisory
References	~~() https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5584.php -~~	() https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5584.php - Exploit, Third Party Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 9.8
First Time		Eibiz Eibiz i-media Server Digital Signage
CPE		cpe:2.3:a:eibiz:i-media_server_digital_signage:3.8.0:::::::*

11 Dec 2025, 19:15

Type	Values Removed	Values Added
References	~~() https://www.exploit-db.com/exploits/48774 -~~	() https://www.exploit-db.com/exploits/48774 -
References	~~() https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5584.php -~~	() https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5584.php -

10 Dec 2025, 21:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-12-10 21:16

Updated : 2025-12-17 16:38

NVD link : CVE-2020-36892

Mitre link : CVE-2020-36892

CVE.ORG link : CVE-2020-36892

JSON object : View

Products Affected

eibiz

i-media_server_digital_signage

CWE

CWE-306

Missing Authentication for Critical Function

9.8 /10