CVE-2020-36901

HighPublic PoC

Published: 10 December 2025

Published

10 December 2025

Modified

30 December 2025

KEV Added

—

Patch

—

CVSS Score 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS Score 0.0011 29.4th percentile

Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Description

UBICOD Medivision Digital Signage 1.5.1 contains a cross-site request forgery vulnerability that allows attackers to create administrative user accounts without proper request validation. Attackers can craft a malicious web page that submits a form to the /query/user/itSet endpoint to add…

a new admin user with elevated privileges.

Mitigating Controls (NIST 800-53 r5)AI

SC-23 Session Authenticity good match

prevent

SC-23 enforces session authenticity mechanisms such as anti-CSRF tokens, directly preventing attackers from forging requests to create admin users via malicious webpages.

SI-10 Information Input Validation good match

prevent

SI-10 requires validation of information inputs at endpoints like /query/user/itSet, blocking forged requests lacking proper CSRF validation.

AC-2 Account Management partial match

prevent

AC-2 establishes strict account management processes for creating administrative users, limiting unauthorized elevations even if CSRF bypasses initial validation.

Security SummaryAI

CVE-2020-36901 is a cross-site request forgery (CSRF) vulnerability, classified under CWE-352, affecting UBICOD Medivision Digital Signage version 1.5.1. The flaw resides in the /query/user/itSet endpoint, which lacks proper request validation, enabling attackers to create administrative user accounts with elevated privileges. It has a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), indicating high severity due to its network accessibility, low attack complexity, and significant impacts on confidentiality, integrity, and availability.

Unauthenticated attackers can exploit this vulnerability by crafting a malicious web page that, when visited by a legitimate authenticated user, automatically submits a form to the vulnerable endpoint. This tricks the victim's browser into creating a new admin user account on the target system without the victim's knowledge or consent, requiring only user interaction such as visiting the attacker's page. Successful exploitation grants the attacker full administrative access, potentially allowing further compromise of the digital signage system.

Advisories from sources including VulnCheck, Zero Science (ZSL-2020-5574), and a proof-of-concept exploit on Exploit-DB (EDB-ID: 48694) document the issue, with the vendor site at medivision.co.kr listed as a reference. No specific patch or mitigation details are outlined in the available information.

Details

CWE(s): CWE-352

Affected Products

medivision

medivision digital signage firmware

1.5.1

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

T1136.001 Local Account Persistence

Adversaries may create a local account to maintain access to victim systems.

attack.mitre.org →

Why these techniques?

The CSRF vulnerability in a public-facing web endpoint (T1190) directly enables unauthenticated attackers to create local administrative accounts (T1136.001) by tricking authenticated users into submitting malicious requests.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References

http://www.medivision.co.kr
Product · disclosure@vulncheck.com
https://www.exploit-db.com/exploits/48694
Exploit, Third Party Advisory, VDB Entry · disclosure@vulncheck.com
https://www.vulncheck.com/advisories/ubicod-medivision-digital-signage-cross-site-request-forgery-via-user-management
Third Party Advisory · disclosure@vulncheck.com
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5574.php
Exploit, Third Party Advisory · disclosure@vulncheck.com
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5574.php
Exploit, Third Party Advisory · 134c704f-9b21-4f2e-91b3-4a467353bcc0