Vendor

YeroTech

Products

CVEs

Across products

Status

Private

Products

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	KEV	Published	Description
CVE-2020-37228	YeroTech iDS6 DSSPro Digital Signage System	Cri	0.64	9.8	0.00		May 16, 2026	iDS6 DSSPro Digital Signage System 6.2 contains a CAPTCHA security bypass vulnerability that allows attackers to bypass authentication by requesting the autoLoginVerifyCode object. Attackers can retrieve valid CAPTCHA codes via the login endpoint and use them to perform brute-force attacks against user accounts.
CVE-2020-36920	YeroTech iDS6 DSSPro Digital Signage System	Hig	0.57	8.8	0.00		Jan 6, 2026	iDS6 DSSPro Digital Signage System 6.2 contains an improper access control vulnerability that allows authenticated users to elevate privileges through console JavaScript functions. Attackers can create users, modify roles and permissions, and potentially achieve full application takeover by exploiting insecure direct object references.

CVE-2020-37228CriMay 16, 2026
YeroTech
iDS6 DSSPro Digital Signage System
risk 0.64cvss 9.8epss 0.00
iDS6 DSSPro Digital Signage System 6.2 contains a CAPTCHA security bypass vulnerability that allows attackers to bypass authentication by requesting the autoLoginVerifyCode object. Attackers can retrieve valid CAPTCHA codes via the login endpoint and use them to perform brute-force attacks against user accounts.
CVE-2020-36920HigJan 6, 2026
YeroTech
iDS6 DSSPro Digital Signage System
risk 0.57cvss 8.8epss 0.00
iDS6 DSSPro Digital Signage System 6.2 contains an improper access control vulnerability that allows authenticated users to elevate privileges through console JavaScript functions. Attackers can create users, modify roles and permissions, and potentially achieve full application takeover by exploiting insecure direct object references.