SSRF in BrightSign, LLC BrightSign Digital Signage Diagnostic Web Server
CVE-2020-36884
BrightSign Digital Signage Diagnostic Web Server versions 8.2.26 and earlier contain an unauthenticated server-side request forgery vulnerability in the 'url' GET parameter of the Download Speed Test service. Attackers can specify external domains to…
Vulnerability class: SSRF (Server-Side Request Forgery)
EPSS: 0.008 (52.9th percentile)