What is CVE-2020-36920?

CVE-2020-36920 is a high-severity vulnerability in Yerootech Ids6 Dsspro Digital Signage System, classified under Incorrect Authorization. CVSS score: 8.8/10. Published 2026-01-06.

How severe is CVE-2020-36920?

High severity. CVSS v3 base score is 8.8 out of 10.

Auth bypass in Yerootech Ids6 Dsspro Digital Signage System

CVE-2020-36920

iDS6 DSSPro Digital Signage System 6.2 contains an improper access control vulnerability that allows authenticated users to elevate privileges through console JavaScript functions. Attackers can create users, modify roles and permissions…

Vulnerability class: Broken Access Control

EPSS: 0.001 (21.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.8 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

Affected products

Yerootech Ids6 Dsspro Digital Signage System — versions 6.2

Weakness classification (CWE)

CWE-863 — Incorrect Authorization

References

ExploitDB-48992 (exploit)
Archived Yeroo Tech Vendor Homepage (product)
Zero Science Lab Disclosure (ZSL-2020-5608) (third-party-advisory)
Packet Storm Security Exploit Entry (exploit)
CXSecurity Vulnerability Database Entry (exploit)
IBM X-Force Vulnerability Exchange (vdb-entry)
VulnCheck Advisory: iDS6 DSSPro Digital Signage System 6.2 Privilege Escalation via Access Control (third-party-advisory)

Frequently asked questions

What is CVE-2020-36920?: CVE-2020-36920 is a high-severity vulnerability in Yerootech Ids6 Dsspro Digital Signage System, classified under Incorrect Authorization. CVSS score: 8.8/10. Published 2026-01-06.
How severe is CVE-2020-36920?: High severity. CVSS v3 base score is 8.8 out of 10.