CVE-2020-36894

Eibiz i-Media Server Digital Signage 3.8.0 contains an authentication bypass vulnerability that allows unauthenticated attackers to create admin users through AMF-encoded object manipulation. Attackers can send crafted serialized objects to the /messagebroker/amf endpoint to create administrative users without authentication, bypassing security controls.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
http://www.eibiz.co.th	Broken Link
https://www.exploit-db.com/exploits/48763	Exploit Third Party Advisory VDB Entry
https://www.vulncheck.com/advisories/eibiz-i-media-server-digital-signage-unauthenticated-user-creation-vulnerability	Third Party Advisory
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5586.php	Exploit Third Party Advisory
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5586.php	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:eibiz:i-media_server_digital_signage:3.8.0:*:*:*:*:*:*:*

History

17 Dec 2025, 19:25

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.5
CPE		cpe:2.3:a:eibiz:i-media_server_digital_signage:3.8.0:::::::*
First Time		Eibiz Eibiz i-media Server Digital Signage
References	~~() http://www.eibiz.co.th -~~	() http://www.eibiz.co.th - Broken Link
References	~~() https://www.exploit-db.com/exploits/48763 -~~	() https://www.exploit-db.com/exploits/48763 - Exploit, Third Party Advisory, VDB Entry
References	~~() https://www.vulncheck.com/advisories/eibiz-i-media-server-digital-signage-unauthenticated-user-creation-vulnerability -~~	() https://www.vulncheck.com/advisories/eibiz-i-media-server-digital-signage-unauthenticated-user-creation-vulnerability - Third Party Advisory
References	~~() https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5586.php -~~	() https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5586.php - Exploit, Third Party Advisory

11 Dec 2025, 19:15

Type	Values Removed	Values Added
References	~~() https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5586.php -~~	() https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5586.php -

10 Dec 2025, 21:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-12-10 21:16

Updated : 2025-12-17 19:25

NVD link : CVE-2020-36894

Mitre link : CVE-2020-36894

CVE.ORG link : CVE-2020-36894

JSON object : View

Products Affected

eibiz

i-media_server_digital_signage

CWE

CWE-306

Missing Authentication for Critical Function

7.5 /10