CVE-2020-36894
Eibiz i-Media Server Digital Signage 3.8.0 Unauthenticated User Creation Vulnerability
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
Eibiz i-Media Server Digital Signage 3.8.0 contains an authentication bypass vulnerability that allows unauthenticated attackers to create admin users through AMF-encoded object manipulation. Attackers can send crafted serialized objects to the /messagebroker/amf endpoint to create administrative users without authentication, bypassing security controls.
| CWE | CWE-306 |
| Vendor | eibiz co.,ltd. |
| Product | i-media server digital signage |
| Published | Dec 10, 2025 |
| Last Updated | Apr 7, 2026 |
Stay Ahead of the Next One
Get instant alerts for eibiz co.,ltd. i-media server digital signage
Be the first to know when new unknown vulnerabilities affecting eibiz co.,ltd. i-media server digital signage are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
EIBIZ Co.,Ltd. / i-Media Server Digital Signage
0 โค 3.8.0
References
exploit-db.com: https://www.exploit-db.com/exploits/48763 zeroscience.mk: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5586.php eibiz.co.th: http://www.eibiz.co.th vulncheck.com: https://www.vulncheck.com/advisories/eibiz-i-media-server-digital-signage-unauthenticated-user-creation-vulnerability
Credits
LiquidWorm as Gjoko Krstic of Zero Science Lab