CVE-2020-36914

Description

QiHang Media Web Digital Signage 3.0.9 contains a sensitive information disclosure vulnerability that allows remote attackers to intercept user authentication credentials through cleartext cookie transmission. Attackers can perform man-in-the-middle attacks to capture and potentially misuse stored authentication credentials transmitted in an insecure manner.

PUBLISHED Reserved 2026-01-03 | Published 2026-01-06 | Updated 2026-01-06 | Assigner VulnCheck

Problem types

Cleartext Transmission of Sensitive Information

Product status

Credits

LiquidWorm as Gjoko Krstic of Zero Science Lab finder

References

www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5578.php (Zero Science Lab Disclosure (ZSL-2020-5578)) third-party-advisory

packetstormsecurity.com/files/158858 (Packet Storm Security Exploit Entry) exploit

exchange.xforce.ibmcloud.com/vulnerabilities/186770 (IBM X-Force Vulnerability Exchange) vdb-entry

cxsecurity.com/issue/WLB-2020080059 (CXSecurity Vulnerability Database Entry) third-party-advisory

www.howfor.com/ (HowFor Vendor Homepage) product

www.vulncheck.com/...e-authentication-credentials-disclosure (VulnCheck Advisory: QiHang Media Web Digital Signage 3.0.9 Cookie Authentication Credentials Disclosure) third-party-advisory

cve.org (CVE-2020-36914)

nvd.nist.gov (CVE-2020-36914)

Download JSON