Cyber Posture

CVE-2020-37228

CriticalPublic PoC

Published: 16 May 2026

Published
16 May 2026
Modified
16 May 2026
KEV Added
Patch
CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score N/A
Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2020-37228 is a critical-severity Improper Restriction of Excessive Authentication Attempts (CWE-307) vulnerability in Yerootech (inferred from references). Its CVSS base score is 9.8 (Critical).

Operationally, it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

Threat & Defense Details

Likely Mitigating ControlsAI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

AC-7 Unsuccessful Logon Attempts
addresses: CWE-307

This control directly enforces limits on consecutive invalid logon attempts and automatic response (e.g., lockout) to prevent brute-force exploitation of authentication mechanisms.

IA-10 Adaptive Authentication
addresses: CWE-307

Specific conditions can include excessive failed attempts, triggering stronger authentication that restricts brute-force exploitation.

NVD Description

iDS6 DSSPro Digital Signage System 6.2 contains a CAPTCHA security bypass vulnerability that allows attackers to bypass authentication by requesting the autoLoginVerifyCode object. Attackers can retrieve valid CAPTCHA codes via the login endpoint and use them to perform brute-force attacks…

more

against user accounts.

Deeper analysisAI

Automated synthesis unavailable for this CVE.

Details

CWE(s)
CWE-307

Affected Products

Yerootech
inferred from references and description; NVD did not file a CPE for this CVE

References