CVE-2020-37228

CRITICAL

iDS6 DSSPro Digital Signage System 6.2 CAPTCHA Security Bypass

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-37228. PoCs published by LiquidWorm.

AI-analyzed exploit summary: The exploit demonstrates a CAPTCHA bypass vulnerability in iDS6 DSSPro Digital Signage System 6.2 by requesting the autoLoginVerifyCode object to obtain a JSON message code, which can then be used to bypass CAPTCHA authentication and perform brute-force attacks.

Description

iDS6 DSSPro Digital Signage System 6.2 contains a CAPTCHA security bypass vulnerability that allows attackers to bypass authentication by requesting the autoLoginVerifyCode object. Attackers can retrieve valid CAPTCHA codes via the login endpoint and use them to perform brute-force attacks against user accounts.

Exploits (1)

exploitdb WORKING POC
by LiquidWorm · text · webapps · hardware
https://www.exploit-db.com/exploits/48991

Classification: Working PoC 95%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: iDS6 DSSPro Digital Signage System 6.2
No auth needed
Prerequisites: Network access to the target system · cURL or similar HTTP client
devstral-2 · analyzed May 16, 2026

References (4)

Core References
Exploit: ExploitDB-48991
https://www.exploit-db.com/exploits/48991
Vendor Advisory: Vulnerability Advisory
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5607.php
Product: Official Product Homepage
http://www.yerootech.com
Third Party Advisory: VulnCheck Advisory: iDS6 DSSPro Digital Signage System 6.2 CAPTCHA Security Bypass
https://www.vulncheck.com/advisories/ids6-dsspro-digital-signage-system-captcha-security-bypass

Scores

CVSS v3 9.8
EPSS 0.0043
EPSS Percentile 34.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact total

Details

CWE CWE-307
Status published
Products (1)
Yerootech/iDS6 DSSPro Digital Signage System 6.2
Published May 16, 2026
Tracked Since May 16, 2026