VYPR
Unrated severityNVD Advisory· Published Dec 10, 2025· Updated Dec 11, 2025

UBICOD Medivision Digital Signage 1.5.1 Authorization Bypass via User Privileges

CVE-2020-36902

Description

UBICOD Medivision Digital Signage 1.5.1 contains an authorization bypass vulnerability that allows normal users to escalate privileges by manipulating the 'ft[grp]' parameter. Attackers can send a GET request to /html/user with 'ft[grp]' set to integer value '3' to gain super admin rights without authentication.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.