CVE-2020-36899
Published: 10 December 2025
Summary
CVE-2020-36899 is a high-severity Exposure of Backup File to an Unauthorized Control Sphere (CWE-530) vulnerability in Howfor Qihang Media Web Digital Signage. Its CVSS base score is 8.7 (High).
Operationally, it is ranked in the top 40.9% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2020-30833
Vulnerability details
QiHang Media Web Digital Signage 3.0.9 contains an unauthenticated file disclosure vulnerability that allows remote attackers to access sensitive files through unverified 'filename' and 'path' parameters. Attackers can exploit the QH.aspx endpoint to read arbitrary files and directory contents without authentication by manipulating download and getAll actions.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.