Vulnerability Database

314,433

Total vulnerabilities in the database

CVE-2020-36884

BrightSign Digital Signage Diagnostic Web Server 8.2.26 and less contains an unauthenticated server-side request forgery vulnerability in the 'url' GET parameter of the Download Speed Test service. Attackers can specify external domains to bypass firewalls and perform network enumeration by forcing the application to make arbitrary HTTP requests to internal network hosts.

Published: Dec 10, 2025
Updated: Dec 14, 2025
CVE: CVE-2020-36884
Exploit:

No technical information available.

CWEs:

CWE-918

Affected Software
References

No affected software listed.

https://github.com/zeroscience
https://www.brightsign.biz
https://www.exploit-db.com/exploits/48843
https://www.vulncheck.com/advisories/brightsign-digital-signage-diagnostic-web-server-unauthenticated-ssrf
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5595.php

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo