Exploitation Summary
EIP tracks 1 public exploit for CVE-2020-36896. PoCs published by LiquidWorm.
AI-analyzed exploit summary: This exploit demonstrates an information disclosure vulnerability in QiHang Media Web Digital Signage 3.0.9, where unauthenticated attackers can retrieve cleartext credentials from an exposed XML file.
Description
QiHang Media Web Digital Signage 3.0.9 contains a cleartext credentials vulnerability that allows unauthenticated attackers to access administrative login information through an unprotected XML file. Attackers can retrieve hardcoded admin credentials by requesting the '/xml/User/User.xml' file, enabling direct authentication bypass.
References (4)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N