QwikSec

Security Database

CVE

CWE

Training

CVE-2020-36894

Published: Dec 10, 2025

Modified: Apr 7, 2026

PUBLISHED

Description

Eibiz i-Media Server Digital Signage 3.8.0 contains an authentication bypass vulnerability that allows unauthenticated attackers to create admin users through AMF-encoded object manipulation. Attackers can send crafted serialized objects to the /messagebroker/amf endpoint to create administrative users without authentication, bypassing security controls.

Vendor	Product	Versions
EIBIZ Co.,Ltd.	i-Media Server Digital Signage	affected `0 - <= 3.8.0`

Weaknesses (CWE)

References

ExploitDB-48763

exploit

Vulnerability Advisory

vendor-advisory

technical-description

VulnCheck Advisory: Eibiz i-Media Server Digital Signage 3.8.0 Unauthenticated User Creation Vulnerability

third-party-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

CVE-2020-36894 - Security Vulnerability | QwikSec