Platform
other
Component
spinetix-fusion-digital-signage
Fixed in
8.2.27
CVE-2020-36886 is a Cross-Site Request Forgery (CSRF, also written XSRF) vulnerability in SpinetiX Fusion Digital Signage versions 0 through 8.2.26. The administrative user-creation form accepts requests without verifying that they originated from the application's own interface, so a request forged from another site can create a new administrative account. The CVE was published on December 10, 2025, and the fix is available in version 8.2.27.
The impact is significant. An attacker crafts a web page that, when visited by a user who is logged in to the management interface with sufficient privileges, makes the browser submit a hidden form to the account-creation endpoint. The browser attaches the victim's session cookie, so the request arrives looking like a legitimate action by that administrator; no credentials are stolen and no authentication is bypassed, the victim's own authenticated session is abused. The resulting account persists after the victim's session ends and gives the attacker full administrative access, which could be used to deploy malicious content to screens, change system configuration, disrupt operations, or exfiltrate data.
As of December 10, 2025, no public proof-of-concept exploits for CVE-2020-36886 are known and the vulnerability is not listed in the CISA KEV catalog. The EPSS score is 0.11% (29th percentile). No active campaigns have been confirmed, but CSRF requires only that an administrator visit an attacker-controlled page while logged in, so opportunistic exploitation is plausible.
Any deployment whose administrators browse other websites from the same browser session they use for the management interface is exposed. The risk is highest where the interface is reachable from workstations used for general browsing and where several people hold administrative access, since one tricked administrator is enough to add an account that compromises the whole deployment.
Disclosure
Exploit status
EPSS
0.11% (29th percentile)
CISA SSVC
The primary mitigation for CVE-2020-36886 is to upgrade SpinetiX Fusion Digital Signage to version 8.2.27 or later, which includes the fix. Input validation on the account-creation form does not help here: a forged request is a perfectly well-formed request, it is simply not one the administrator intended to send. The server-side fix for CSRF is to require something an attacker's page cannot supply, typically a per-session anti-CSRF token in the form body and a check that the Origin or Referer header names the application's own origin. If upgrading immediately is not feasible, restrict network access to the management interface to a trusted administrative network, have administrators use a dedicated browser profile for it and log out when finished, and consider a Web Application Firewall rule that rejects state-changing requests to the administrative endpoints whose Origin or Referer is not the application's own. Regularly review user accounts and permissions and remove any account that was not deliberately created.
Update SpinetiX Fusion Digital Signage to a version later than 8.2.26. This fixes the CSRF vulnerability that allows the creation of unauthorized administrative users. See the vendor's website for the latest version and update instructions.
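The following is an added example, not SpinetiX code and not taken from the advisory. It models the attack described above and the two server-side checks that stop it: a handler that authorizes on the session cookie alone, beside a hardened handler that also verifies the request's Origin/Referer and a per-session synchronizer token. The application origin, the `/admin/users` path, the form field names and the session model are all assumptions chosen for illustration; the forged request assumes the browser sends the session cookie cross-site (SameSite=None or a legacy default).

```python
import hmac
import secrets
from dataclasses import dataclass, field
from urllib.parse import parse_qs, urlsplit

# Assumed origin of the signage management UI (illustration only).
APP_ORIGIN = "https://signage.example.internal"


@dataclass
class Request:
    """Minimal stand-in for an HTTP request as the server sees it."""
    method: str
    path: str
    headers: dict
    cookies: dict
    body: str = ""  # application/x-www-form-urlencoded

    def form(self):
        return {k: v[0] for k, v in parse_qs(self.body).items()}


@dataclass
class Server:
    sessions: dict = field(default_factory=dict)  # session id -> {"user", "csrf"}
    users: dict = field(default_factory=dict)     # username -> role

    def login(self, username):
        sid = secrets.token_urlsafe(16)
        self.sessions[sid] = {"user": username, "csrf": secrets.token_urlsafe(32)}
        return sid

    def csrf_token(self, sid):
        """Token the legitimate UI embeds in its own forms (synchronizer pattern)."""
        return self.sessions[sid]["csrf"]

    def _admin_session(self, req):
        sess = self.sessions.get(req.cookies.get("session"))
        return sess if sess and self.users.get(sess["user"]) == "admin" else None

    def create_user_vulnerable(self, req):
        """Trusts the session cookie alone. The browser attaches that cookie to a
        form post from any site, so this check passes for a forged request too."""
        if req.method != "POST" or not self._admin_session(req):
            return 403
        f = req.form()
        self.users[f["username"]] = f["role"]
        return 201

    def create_user_hardened(self, req):
        """Same action, but demands proof the request came from our own UI."""
        if req.method != "POST":
            return 405
        sess = self._admin_session(req)
        if not sess:
            return 403
        # 1. Origin (or Referer as fallback) must be the application's own origin.
        #    A cross-site form post carries the attacker's Origin; a request with
        #    neither header is rejected rather than trusted.
        origin = req.headers.get("Origin")
        if origin is None and "Referer" in req.headers:
            u = urlsplit(req.headers["Referer"])
            origin = f"{u.scheme}://{u.netloc}"
        if origin != APP_ORIGIN:
            return 403
        # 2. The per-session token must be in the form body and match. The
        #    attacker's page cannot read it (same-origin policy), so it cannot
        #    forge it. Constant-time comparison avoids leaking it via timing.
        f = req.form()
        supplied = f.get("csrf_token", "").encode()
        if not hmac.compare_digest(supplied, sess["csrf"].encode()):
            return 403
        self.users[f["username"]] = f["role"]
        return 201


def forged_request(session_cookie):
    """Constructed request: what arrives when the admin's browser auto-submits a
    hidden form on attacker.example. No token, because the attacker never had one."""
    return Request(
        method="POST", path="/admin/users",
        headers={"Origin": "https://attacker.example",
                 "Referer": "https://attacker.example/lure.html"},
        cookies={"session": session_cookie},
        body="username=backdoor&role=admin",
    )


def legit_request(server, session_cookie):
    """Constructed request: the same form submitted from the real UI, which embeds
    the session's token."""
    return Request(
        method="POST", path="/admin/users",
        headers={"Origin": APP_ORIGIN},
        cookies={"session": session_cookie},
        body=f"username=ops2&role=admin&csrf_token={server.csrf_token(session_cookie)}",
    )


def run_scenario():
    """Returns (vulnerable status on forged request, hardened status on forged
    request, hardened status on legitimate request, users after each server)."""
    vuln = Server(users={"alice": "admin"})
    sid = vuln.login("alice")
    v_status = vuln.create_user_vulnerable(forged_request(sid))

    hard = Server(users={"alice": "admin"})
    sid2 = hard.login("alice")
    h_forged = hard.create_user_hardened(forged_request(sid2))
    h_legit = hard.create_user_hardened(legit_request(hard, sid2))
    return v_status, h_forged, h_legit, dict(vuln.users), dict(hard.users)


if __name__ == "__main__":
    print(run_scenario())
```

Running `run_scenario()` shows the vulnerable handler returning 201 and adding the `backdoor` administrator on the forged request, while the hardened handler returns 403 for the same request and 201 only for the form that carries the session's token from the application's own origin. In a real deployment the token is emitted into the page by the server, so a fix inside the product is the only complete remedy; the Origin/Referer check is the one piece an external WAF rule can approximate.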
CVE-2020-36886 is a Cross-Site Request Forgery (CSRF/XSRF) vulnerability that lets an attacker create administrative accounts in SpinetiX Fusion Digital Signage versions 0 through 8.2.26 by forging a request from a logged-in administrator's browser, potentially gaining full control of the system.
You are affected if you are running SpinetiX Fusion Digital Signage versions 0 through 8.2.26. Upgrade to 8.2.27 or later to resolve the vulnerability.
Upgrade SpinetiX Fusion Digital Signage to version 8.2.27 or later. Until then, limit who can reach the management interface and audit administrator accounts; a WAF rule enforcing Origin/Referer on the administrative endpoints can help, but input validation does not address CSRF.
No active exploitation campaigns have been confirmed as of December 10, 2025, but the vulnerability remains a potential risk.
Refer to the SpinetiX security advisory for detailed information and updates regarding CVE-2020-36886.