๐Ÿ” CVE Alert

CVE-2020-36910

HIGH 8.8

Cayin Signage Media Player 3.0 Authenticated Remote Command Injection via NTP Parameter

CVSS Score
8.8
EPSS Score
0.0%
EPSS Percentile
0th

Cayin Signage Media Player 3.0 contains an authenticated remote command injection vulnerability in system.cgi and wizard_system.cgi pages. Attackers can exploit the 'NTP_Server_IP' parameter with default credentials to execute arbitrary shell commands as root.

CWE CWE-78
Vendor cayin technology
Product smp-8000qd
Published Jan 6, 2026
Last Updated Jul 15, 2026
Stay Ahead of the Next One

Get instant alerts for cayin technology smp-8000qd

Be the first to know when new high vulnerabilities affecting cayin technology smp-8000qd are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Affected Versions

CAYIN Technology / SMP-8000QD
3.0
CAYIN Technology / SMP-8000
3.0
CAYIN Technology / SMP-6000
3.0 Build 19025 1.0 Build 14246 1.0 Build 14199 1.0 Build 14167 1.0 Build 14097 1.0 Build 14090 1.0 Build 14069 1.0 Build 14062
CAYIN Technology / SMP-4000
1.0 Build 14098 1.0 Build 14092 1.0 Build 14087
CAYIN Technology / SMP-2310
3.0
CAYIN Technology / SMP-2300
3.0 Build 19316
CAYIN Technology / SMP-2210
3.0 Build 19025
CAYIN Technology / SMP-2200
3.0 Build 19029 3.0 Build 19025
CAYIN Technology / SMP-2100
10.0 Build 16228 3.0
CAYIN Technology / SMP-2000
1.0 Build 14167 1.0 Build 14087
CAYIN Technology / SMP-1000
1.0 Build 14099
CAYIN Technology / SMP-PROPLUS
1.5 Build 10081
CAYIN Technology / SMP-WEBPLUS
6.5 Build 11126
CAYIN Technology / SMP-WEB4
2.0 Build 13073 2.0 Build 11175 1.5 Build 11476 1.5 Build 11126 1.0 Build 10301
CAYIN Technology / SMP-300
1.0 Build 14177
CAYIN Technology / SMP-200
1.0 Build 13080 1.0 Build 12331
CAYIN Technology / SMP-PRO4
1.0
CAYIN Technology / SMP-NEO2
1.0
CAYIN Technology / SMP-NEO
1.0

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
exploit-db.com: https://www.exploit-db.com/exploits/48557 cayintech.com: https://www.cayintech.com zeroscience.mk: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5569.php packetstorm.news: https://packetstorm.news/files/id/157942 exchange.xforce.ibmcloud.com: https://exchange.xforce.ibmcloud.com/vulnerabilities/182924 cxsecurity.com: https://cxsecurity.com/issue/WLB-2020060049 vulncheck.com: https://www.vulncheck.com/advisories/cayin-signage-media-player-authenticated-remote-command-injection-via-ntp-parameter

Credits

LiquidWorm as Gjoko Krstic of Zero Science Lab