Medium severityNVD Advisory· Published Dec 10, 2025· Updated Apr 15, 2026

CVE-2020-36884

Description

BrightSign Digital Signage Diagnostic Web Server 8.2.26 and less contains an unauthenticated server-side request forgery vulnerability in the 'url' GET parameter of the Download Speed Test service. Attackers can specify external domains to bypass firewalls and perform network enumeration by forcing the application to make arbitrary HTTP requests to internal network hosts.

Affected products

Zeroscience/Brightsign Digital Signage Diagnostic Web Serverinferred
Range: <=8.2.26

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.brightsign.biznvd
www.exploit-db.com/exploits/48843nvd
www.vulncheck.com/advisories/brightsign-digital-signage-diagnostic-web-server-unauthenticated-ssrfnvd
www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5595.phpnvd

News mentions

No linked articles in our index yet.

cvss	0.260
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000