CVE-2020-36884

N/A Unknown
Published: December 10, 2025 Modified: December 12, 2025
View on NVD

Description

BrightSign Digital Signage Diagnostic Web Server 8.2.26 and less contains an unauthenticated server-side request forgery vulnerability in the 'url' GET parameter of the Download Speed Test service. Attackers can specify external domains to bypass firewalls and perform network enumeration by forcing the application to make arbitrary HTTP requests to internal network hosts.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
https://github.com/zeroscience
Source: disclosure@vulncheck.com
https://www.brightsign.biz
Source: disclosure@vulncheck.com
https://www.exploit-db.com/exploits/48843
Source: disclosure@vulncheck.com
https://www.vulncheck.com/advisories/brightsign-digital-signage-diagnostic-web-server-unauthenticated-ssrf
Source: disclosure@vulncheck.com
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5595.php
Source: disclosure@vulncheck.com
https://www.exploit-db.com/exploits/48843
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5595.php
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

7 reference(s) from NVD

Quick Stats

CVSS v3 Score
N/A / 10.0
EPSS (Exploit Probability)
0.1%
18th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-918

Related CVEs

CVE-2025-69261 N/A
CVE-2025-69257 6.7
CVE-2025-69210 N/A
CVE-2025-66823 N/A
CVE-2025-50343 N/A