CVE-2020-36884

MEDIUM NUCLEI

BrightSign Digital Signage Diagnostic Web Server <8.2.26 - SSRF

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-36884. PoCs published by LiquidWorm. A Nuclei detection template is also available.

AI-analyzed exploit summary The exploit demonstrates an unauthenticated SSRF vulnerability in BrightSign Digital Signage Diagnostic Web Server <= 8.2.26. The 'url' GET parameter is used to force the server to make arbitrary HTTP requests, enabling internal network enumeration or firewall bypass.

Description

BrightSign Digital Signage Diagnostic Web Server 8.2.26 and less contains an unauthenticated server-side request forgery vulnerability in the 'url' GET parameter of the Download Speed Test service. Attackers can specify external domains to bypass firewalls and perform network enumeration by forcing the application to make arbitrary HTTP requests to internal network hosts.

Exploits (1)

exploitdb WORKING POC

by LiquidWorm · textwebappshardware

https://www.exploit-db.com/exploits/48843

View Code ZIP pw:eip

The exploit demonstrates an unauthenticated SSRF vulnerability in BrightSign Digital Signage Diagnostic Web Server <= 8.2.26. The 'url' GET parameter is used to force the server to make arbitrary HTTP requests, enabling internal network enumeration or firewall bypass.

Classification

Working Poc 90%

Attack Type

Ssrf

Complexity

Trivial

Reliability

Reliable

Target: BrightSign Digital Signage Diagnostic Web Server <= 8.2.26

No auth needed

Prerequisites: Network access to the target device · Diagnostic Web Server enabled on the target

MITRE ATT&CK

T1083 - File and Directory Discovery T1133 - External Remote Services

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Nuclei Templates (1)

BrightSign Digital Signage 8.2.26 - Server-Side Request Forgery

MEDIUMVERIFIEDby 0x_Akoko

Shodan: title:"BrightSign"

References (5)

Core 5

Core References

Various Sources product

https://www.brightsign.biz

Third Party Advisory third-party-advisory

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5595.php

Various Sources issue-tracking

https://github.com/zeroscience

Exploit, Third Party Advisory exploit

https://www.exploit-db.com/exploits/48843

Third Party Advisory third-party-advisory

https://www.vulncheck.com/advisories/brightsign-digital-signage-diagnostic-web-server-unauthenticated-ssrf

Scores

CVSS v4 6.9

EPSS 0.0083

EPSS Percentile 52.7%

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-918

Status published

Products (1)

BrightSign, LLC/BrightSign Digital Signage Diagnostic Web Server < 8.2.26

Published Dec 10, 2025

Tracked Since Feb 18, 2026