CVE-2020-36921

RED-V Super Digital Signage System 5.1.1 contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive webserver log files. Attackers can visit multiple endpoints to retrieve system resources and debug log information without authentication.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://cxsecurity.com/issue/WLB-2020110130
https://exchange.xforce.ibmcloud.com/vulnerabilities/191803
https://packetstormsecurity.com/files/160073
https://www.red-v.tv/
https://www.vulncheck.com/advisories/red-v-super-digital-signage-system-log-information-disclosure-vulnerability
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5609.php

Configurations

No configuration.

History

15 Apr 2026, 00:35

Type	Values Removed	Values Added
Summary		(es) RED-V Super Digital Signage System 5.1.1 contiene una vulnerabilidad de revelación de información que permite a atacantes no autenticados acceder a archivos de registro sensibles del servidor web. Los atacantes pueden visitar múltiples puntos finales para recuperar recursos del sistema e información de registro de depuración sin autenticación.

06 Jan 2026, 16:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-01-06 16:15

Updated : 2026-04-15 00:35

NVD link : CVE-2020-36921

Mitre link : CVE-2020-36921

CVE.ORG link : CVE-2020-36921

JSON object : View

Products Affected

No product.

CWE

CWE-548

Exposure of Information Through Directory Listing

{"id": "CVE-2020-36921", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "disclosure@vulncheck.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}], "cvssMetricV40": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.9, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-01-06T16:15:48.427", "references": [{"url": "https://cxsecurity.com/issue/WLB-2020110130", "source": "disclosure@vulncheck.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/191803", "source": "disclosure@vulncheck.com"}, {"url": "https://packetstormsecurity.com/files/160073", "source": "disclosure@vulncheck.com"}, {"url": "https://www.red-v.tv/", "source": "disclosure@vulncheck.com"}, {"url": "https://www.vulncheck.com/advisories/red-v-super-digital-signage-system-log-information-disclosure-vulnerability", "source": "disclosure@vulncheck.com"}, {"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5609.php", "source": "disclosure@vulncheck.com"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "disclosure@vulncheck.com", "description": [{"lang": "en", "value": "CWE-548"}]}], "descriptions": [{"lang": "en", "value": "RED-V Super Digital Signage System 5.1.1 contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive webserver log files. Attackers can visit multiple endpoints to retrieve system resources and debug log information without authentication."}, {"lang": "es", "value": "RED-V Super Digital Signage System 5.1.1 contiene una vulnerabilidad de revelaci\u00f3n de informaci\u00f3n que permite a atacantes no autenticados acceder a archivos de registro sensibles del servidor web. Los atacantes pueden visitar m\u00faltiples puntos finales para recuperar recursos del sistema e informaci\u00f3n de registro de depuraci\u00f3n sin autenticaci\u00f3n."}], "lastModified": "2026-04-15T00:35:42.020", "sourceIdentifier": "disclosure@vulncheck.com"}