VYPR

Cayin CMS

by Cayin Technology

CVEs (5)

  • CVE-2020-36910 High Jan 6, 2026
    risk 0.57 cvss 8.8 epss 0.01

    Cayin Signage Media Player 3.0 contains an authenticated remote command injection vulnerability in the system.cgi and wizard_system.cgi pages. Attackers can exploit the 'NTP_Server_IP' parameter with default credentials to execute arbitrary shell commands as root.

  • CVE-2020-7357 Aug 6, 2020
    risk 0.06 cvss epss 0.34

    Cayin CMS suffers from an authenticated OS semi-blind command injection vulnerability using default credentials. This can be exploited to inject and execute arbitrary shell commands as the root user through the 'NTP_Server_IP' HTTP POST parameter in the system.cgi page. This issue…

  • CVE-2020-7356 Aug 6, 2020
    risk 0.04 cvss epss 0.14

    CAYIN xPost suffers from an unauthenticated SQL Injection vulnerability. Input passed via the GET parameter 'wayfinder_seqid' in wayfinder_meeting_input.jsp is not properly sanitized before being returned to the user or used in SQL queries. This can be exploited to manipulate…

  • CVE-2020-6954 Jan 13, 2020
    risk 0.00 cvss epss 0.01

    An issue was discovered on Cayin SMP-PRO4 devices. A user can discover a saved password by viewing the URL after a Connection String Test. This password is shown in the webpass parameter of a media_folder.cgi?apply_mode=ping_server URI.

  • CVE-2020-6955 Jan 13, 2020
    risk 0.00 cvss epss 0.01

    An issue was discovered on Cayin SMP-PRO4 devices. They allow image_preview.html?filename= reflected XSS.