← Back

Medivision

medivision

2 CVEs • 2 products

Products (2)

Click to collapse
Toggle
Medivision Digital Signage Firmware
medivision_digital_signage_firmware
2 CVEs
Medivision Digital Signage
medivision_digital_signage
0 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2020-36902
1Medivision
1Medivision Digital Signage Firmware
Dec 30, 2025
Dec 10, 2025
9.3 CRITICAL· v4
9.8 CRITICAL· v3
N/A· v2
UBICOD Medivision Digital Signage 1.5.1 contains an authorization bypass vulnerability that allows normal users to escalate privileges by manipulating the 'ft[grp]' parameter. Attackers can send a GET request to /html/us...Show more
UBICOD Medivision Digital Signage 1.5.1 contains an authorization bypass vulnerability that allows normal users to escalate privileges by manipulating the 'ft[grp]' parameter. Attackers can send a GET request to /html/user with 'ft[grp]' set to integer value '3' to gain super admin rights without authentication.Show less
CVE-2020-36901
1Medivision
1Medivision Digital Signage Firmware
Dec 30, 2025
Dec 10, 2025
8.6 HIGH· v4
8.8 HIGH· v3
N/A· v2
UBICOD Medivision Digital Signage 1.5.1 contains a cross-site request forgery vulnerability that allows attackers to create administrative user accounts without proper request validation. Attackers can craft a malicious...Show more
UBICOD Medivision Digital Signage 1.5.1 contains a cross-site request forgery vulnerability that allows attackers to create administrative user accounts without proper request validation. Attackers can craft a malicious web page that submits a form to the /query/user/itSet endpoint to add a new admin user with elevated privileges.Show less