CVE-2020-36917

🗓️ 06 Jan 2026 15:53:23Reported by VulnCheckType

cve🔗 web.nvd.nist.gov📰️ 1 Media mentions👁 12 Views🌐 WEB

DSSPro Digital Signage System 6.2 leaks cleartext passwords via cookies over HTTP MITM.

Reporter	Title	Published	Views	Family All 8
Circl	CVE-2020-36917	6 Jan 202616:10	–	circl
CNNVD	Phoenix Contact iDS6 DSSPro 安全漏洞	6 Jan 202600:00	–	cnnvd
Cvelist	CVE-2020-36917 iDS6 DSSPro Digital Signage System 6.2 Cleartext Password Disclosure via Cookie	6 Jan 202615:53	–	cvelist
EUVD	EUVD-2026-1024	6 Jan 202615:53	–	euvd
NVD	CVE-2020-36917	6 Jan 202616:15	–	nvd
Positive Technologies	PT-2026-1451	6 Jan 202600:00	–	ptsecurity
Vulnrichment	CVE-2020-36917 iDS6 DSSPro Digital Signage System 6.2 Cleartext Password Disclosure via Cookie	6 Jan 202615:53	–	vulnrichment
Zero Science Lab	iDS6 DSSPro Digital Signage System 6.2 (autoSave) Cookie User Password Disclosure	4 Nov 202000:00	–	zeroscience

Vulners

Node

guangzhou_yeroo_tech ids6_dsspro_digital_signage_systemMatchv6.2_b2014.12.12.1220

guangzhou_yeroo_tech ids6_dsspro_digital_signage_systemMatchv5.6_b2017.07.12.1757

guangzhou_yeroo_tech ids6_dsspro_digital_signage_systemMatchv4.3

[
  {
    "vendor": "Guangzhou Yeroo Tech Co., Ltd.",
    "product": "iDS6 DSSPro Digital Signage System",
    "versions": [
      {
        "version": "V6.2 B2014.12.12.1220",
        "status": "affected"
      },
      {
        "version": "V5.6 B2017.07.12.1757",
        "status": "affected"
      },
      {
        "version": "V4.3",
        "status": "affected"
      }
    ]
  }
]

Source	Link
cxsecurity	www.cxsecurity.com/issue/WLB-2020110023
web	www.web.archive.org/web/20200919100215/http://www.yerootech.com/
zeroscience	www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5605.php
exchange	www.exchange.xforce.ibmcloud.com/vulnerabilities/191261
vulncheck	www.vulncheck.com/advisories/ids-dsspro-digital-signage-system-cleartext-password-disclosure-via-cookie
packetstormsecurity	www.packetstormsecurity.com/files/159915

Parameter	Position	Path	Description	CWE
cookie.username	header	/Pages/user.action	Cleartext transmission/storage of credentials via cookies during Remember/autoSave feature.	CWE-319
cookie.password	header	/Pages/user.action	Cleartext transmission/storage of credentials via cookies during Remember/autoSave feature.	CWE-319
cookie.autosave	header	/Pages/user.action	Cleartext transmission/storage of credentials via cookies during Remember/autoSave feature.	CWE-319
cookie.autologin	header	/Pages/user.action	Cleartext transmission/storage of credentials via cookies during Remember/autoSave feature.	CWE-319
cookie.admin.username	header	/admin/customer!list	Cleartext transmission/storage of admin credentials via cookies during Remember/autoSave feature.	CWE-319
cookie.admin.password	header	/admin/customer!list	Cleartext transmission/storage of admin credentials via cookies during Remember/autoSave feature.	CWE-319
cookie.admin.autosave	header	/admin/customer!list	Cleartext transmission/storage of admin credentials via cookies during Remember/autoSave feature.	CWE-319

17 Jun 2026 03:16Current

6.2Medium risk

Vulners AI Score6.2

CVSS 3.17.5

CVSS 48.6

EPSS0.0028

SSVC

CWE-319