VYPR

BrightSign OS

by BrightSign

CVEs (5)

  • CVE-2017-17739 | Critical | Dec 18, 2017
    risk 0.68 | cvss 9.8 | epss 0.12

    The BrightSign Digital Signage (4k242) device (Firmware 6.2.63 and below) has directory traversal via the /storage.html rp parameter, allowing an attacker to read or write to files.

  • CVE-2025-54756 | High | Feb 12, 2026
    risk 0.55 | cvss 8.4 | epss 0.00

    BrightSign players running BrightSign OS series 4 prior to v8.5.53.1 or series 5 prior to v9.0.166 use a default password that is guessable with knowledge of the device information. The latest release fixes this issue for new installations; users of old installations are…

  • CVE-2025-3925 | High | May 7, 2025
    risk 0.51 | cvss 7.8 | epss 0.00

    BrightSign players running BrightSign OS series 4 prior to v8.5.53.1 or series 5 prior to v9.0.166 contain an execution with unnecessary privileges vulnerability, allowing for privilege escalation on the device once code execution has been obtained.

  • CVE-2020-36884 | Medium | Dec 10, 2025
    risk 0.45 | cvss | epss 0.01

    BrightSign Digital Signage Diagnostic Web Server 8.2.26 and earlier contains an unauthenticated server-side request forgery vulnerability in the 'url' GET parameter of the Download Speed Test service. Attackers can specify external domains to bypass firewalls and perform network…

  • CVE-2017-17737 | Medium | Dec 18, 2017
    risk 0.43 | cvss 6.1 | epss 0.02

    The BrightSign Digital Signage (4k242) device (Firmware 6.2.63 and below) has XSS via the REF parameter to /network_diagnostics.html or /storage_info.html.