Ubicod Co Ltd Medivision Inc Ubicod Medivision Digital Signage vulnerabilities
2 known vulnerabilities affecting ubicod_co_ltd_medivision_inc/ubicod_medivision_digital_signage.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH1
Vulnerabilities
Page 1 of 1
CVE-2020-36902P2CRITICALCVSS 9.8vFirmware 1.5.1 (2013.01.3)2025-12-10
CVE-2020-36902 [CRITICAL] CWE-862 CVE-2020-36902: UBICOD Medivision Digital Signage 1.5.1 contains an authorization bypass vulnerability that allows n
UBICOD Medivision Digital Signage 1.5.1 contains an authorization bypass vulnerability that allows normal users to escalate privileges by manipulating the 'ft[grp]' parameter. Attackers can send a GET request to /html/user with 'ft[grp]' set to integer value '3' to gain super admin rights without authentication.
nvd
CVE-2020-36901P3HIGHCVSS 8.8vFirmware 1.5.1 (2013.01.3)2025-12-10
CVE-2020-36901 [HIGH] CWE-352 CVE-2020-36901: UBICOD Medivision Digital Signage 1.5.1 contains a cross-site request forgery vulnerability that all
UBICOD Medivision Digital Signage 1.5.1 contains a cross-site request forgery vulnerability that allows attackers to create administrative user accounts without proper request validation. Attackers can craft a malicious web page that submits a form to the /query/user/itSet endpoint to add a new admin user with elevated privileges.
nvd