CVE-2020-36921

RED-V Super Digital Signage System 5.1.1 contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive webserver log files. Attackers can visit multiple endpoints to retrieve system resources and debug log information without authentication.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
VulnCheckCNA
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 41%
Common Weakness Enumeration
References
https://cxsecurity.com/issue/WLB-2020110130
https://exchange.xforce.ibmcloud.com/vulnerabilities/191803
https://packetstormsecurity.com/files/160073
https://www.red-v.tv/
https://www.vulncheck.com/advisories/red-v-super-digital-signage-system-log-information-disclosure-vulnerability
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5609.php