High severity7.5NVD Advisory· Published Dec 31, 2025· Updated Apr 15, 2026
CVE-2020-36904
CVE-2020-36904
Description
Selea CarPlateServer 4.0.1.6 contains a remote program execution vulnerability that allows attackers to execute arbitrary Windows binaries by manipulating the NO_LIST_EXE_PATH configuration parameter. Attackers can bypass authentication through the /cps/ endpoint and modify server configuration, including changing admin passwords and executing system commands.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1- Range: = 4.0.1.6
Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.