CVE-2020-36892

UNKNOWN 0.0

Eibiz i-Media Server Digital Signage 3.8.0 Unauthenticated Privilege Escalation

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

Eibiz i-Media Server Digital Signage 3.8.0 contains an unauthenticated privilege escalation vulnerability in the updateUser object that allows attackers to modify user roles. Attackers can exploit the /messagebroker/amf endpoint to elevate privileges and take over user accounts by manipulating role settings without authentication.

CWE	CWE-306
Vendor	eibiz co.,ltd.
Product	i-media server digital signage
Published	Dec 10, 2025
Last Updated	Apr 7, 2026

Stay Ahead of the Next One

Get instant alerts for eibiz co.,ltd. i-media server digital signage

Be the first to know when new unknown vulnerabilities affecting eibiz co.,ltd. i-media server digital signage are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

EIBIZ Co.,Ltd. / i-Media Server Digital Signage

0 ≤ 3.8.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗

exploit-db.com: https://www.exploit-db.com/exploits/48774 zeroscience.mk: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5584.php eibiz.co.th: http://www.eibiz.co.th vulncheck.com: https://www.vulncheck.com/advisories/eibiz-i-media-server-digital-signage-unauthenticated-privilege-escalation

Credits

LiquidWorm as Gjoko Krstic of Zero Science Lab