CVE-2020-36914

Summary

QiHang Media Web Digital Signage 3.0.9 contains a sensitive information disclosure vulnerability that allows remote attackers to intercept user authentication credentials through cleartext cookie transmission. Attackers can perform man-in-the-middle attacks to capture and potentially misuse stored authentication credentials transmitted in an insecure manner.

Affected Software

VendorProductVersion RangeStatus
Shenzhen Xingmeng Qihang Media Co., Ltd.QiHang Media Web (QH.aspx) Digital Signage3.0.9.0affected

Weaknesses

  • CWE-319: Cleartext Transmission of Sensitive Information

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: partial

References