CVE-2020-37228
9.8 CRITICAL
iDS6 DSSPro Digital Signage System 6.2 contains a CAPTCHA security bypass vulnerability that allows attackers to bypass authentication by...
Published: 2026-05-16 · Last updated: 2026-05-18
Severity and scoring
- CVSS: 9.8 CRITICAL
- Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- CWE: CWE-307
Description
iDS6 DSSPro Digital Signage System 6.2 contains a CAPTCHA security bypass vulnerability that allows attackers to bypass authentication by requesting the autoLoginVerifyCode object. Attackers can retrieve valid CAPTCHA codes via the login endpoint and use them to perform brute-force attacks against user accounts.
Source: NVD
References
- NVD: https://nvd.nist.gov/vuln/detail/CVE-2020-37228
- Other: http://www.yerootech.com
- Other: https://www.exploit-db.com/exploits/48991
- Other: https://www.vulncheck.com/advisories/ids6-dsspro-digital-signage-system-captcha-security-bypass
- Other: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5607.php
Related CVEs
Same CWE
- CVE-2026-3329 — A remote unauthenticated attacker may be able to conduct credential-guessing attacks against user accounts in Sonatype Nexus Repository v...
- CVE-2026-43926 — FOSSBilling is a free, open-source billing and client management system
- CVE-2026-36612 — Mercusys AC12G (EU) V1 with firmware AC12G(EU)_V1_200909 enables WPS 2.0 by default with a weak lockout policy (60-second lockout after 1... (6.4 MEDIUM)
- CVE-2026-36607 — Mercusys AC12G (EU) V1 router with firmware AC12G(EU)_V1_200909 allows unauthenticated brute-force attacks via the TDDP password change e... (8.8 HIGH)
- CVE-2026-10216 — A vulnerability was detected in unitedbyai droidclaw up to 0.5.3 (3.7 LOW)