QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2020-36910

Back to search

CVE-2020-36910

Published: Jan 6, 2026

Modified: Jan 6, 2026

PUBLISHED

CVSS v3.1

8.8

HIGH

Description

Cayin Signage Media Player 3.0 contains an authenticated remote command injection vulnerability in system.cgi and wizard_system.cgi pages. Attackers can exploit the 'NTP_Server_IP' parameter with default credentials to execute arbitrary shell commands as root.

VendorProductVersions

CAYIN Technology

SMP-8000QD

affected
3.0

CAYIN Technology

SMP-8000

affected
3.0

CAYIN Technology

SMP-6000

affected
3.0 Build 19025
affected
1.0 Build 14246
affected
1.0 Build 14199
affected
1.0 Build 14167
affected
1.0 Build 14097

+3 more versions

CAYIN Technology

SMP-4000

affected
1.0 Build 14098
affected
1.0 Build 14092
affected
1.0 Build 14087

CAYIN Technology

SMP-2310

affected
3.0

CAYIN Technology

SMP-2300

affected
3.0 Build 19316

CAYIN Technology

SMP-2210

affected
3.0 Build 19025

CAYIN Technology

SMP-2200

affected
3.0 Build 19029
affected
3.0 Build 19025

CAYIN Technology

SMP-2100

affected
10.0 Build 16228
affected
3.0

CAYIN Technology

SMP-2000

affected
1.0 Build 14167
affected
1.0 Build 14087

CAYIN Technology

SMP-1000

affected
1.0 Build 14099

CAYIN Technology

SMP-PROPLUS

affected
1.5 Build 10081

CAYIN Technology

SMP-WEBPLUS

affected
6.5 Build 11126

CAYIN Technology

SMP-WEB4

affected
2.0 Build 13073
affected
2.0 Build 11175
affected
1.5 Build 11476
affected
1.5 Build 11126
affected
1.0 Build 10301

CAYIN Technology

SMP-300

affected
1.0 Build 14177

CAYIN Technology

SMP-200

affected
1.0 Build 13080
affected
1.0 Build 12331

CAYIN Technology

SMP-PRO4

affected
1.0

CAYIN Technology

SMP-NEO2

affected
1.0

CAYIN Technology

SMP-NEO

affected
1.0

Weaknesses (CWE)

CWE-78

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

References

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now