[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2020-37228":6},{"stargazers_count":4,"fetched_at":5},6,"2026-05-17T05:03:47.720Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":346,"aliases":361,"duplicate_of":9,"upstream":362,"downstream":363,"duplicates":364,"related":365,"reserved_at":9,"published_at":366,"modified_at":366,"state":367,"summary":368,"references_raw":374,"kevs":395,"epss":9,"epss_history":396,"metrics":397,"affected":409},"CVE-2020-37228","iDS6 DSSPro Digital Signage System 6.2 contains a CAPTCHA security bypass vulnerability that allows attackers to bypass authentication by requesting the autoLoginVerifyCode object. Attackers can retrieve valid CAPTCHA codes via the login endpoint and use them to perform brute-force attacks against user accounts.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":18},"CWE-307","Improper Restriction of Excessive Authentication Attempts","The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame.","weakness","Draft","Base",[19,23,105,164,249,284,342],{"id":20,"name":21,"techniques":22},"CAPEC-16","Dictionary-based Password Attack",[],{"id":24,"name":25,"techniques":26},"CAPEC-49","Password Brute Forcing",[27],{"id":28,"name":29,"tactics":30,"countermeasures":34},"T1110.001","Password Guessing",[31],{"id":32,"name":33},"TA0031","Credential Access",[35,40,44,48,53,57,62,67,71,75,79,83,87,91,95,100],{"id":36,"name":37,"tactic":38},"D3-CCSA","Credential Compromise Scope Analysis",{"name":39},"Detect",{"id":41,"name":42,"tactic":43},"D3-AEM","Application Exception Monitoring",{"name":39},{"id":45,"name":46,"tactic":47},"D3-OPM","Operational Process Monitoring",{"name":39},{"id":49,"name":50,"tactic":51},"D3-CR","Credential Revocation",{"name":52},"Evict",{"id":54,"name":55,"tactic":56},"D3-ANCI","Authentication Cache Invalidation",{"name":52},{"id":58,"name":59,"tactic":60},"D3-DUC","Decoy User Credential",{"name":61},"Deceive",{"id":63,"name":64,"tactic":65},"D3-CH","Credential Hardening",{"name":66},"Harden",{"id":68,"name":69,"tactic":70},"D3-MFA","Multi-factor Authentication",{"name":66},{"id":72,"name":73,"tactic":74},"D3-CRO","Credential Rotation",{"name":66},{"id":76,"name":77,"tactic":78},"D3-PR","Password Rotation",{"name":66},{"id":80,"name":81,"tactic":82},"D3-PWA","Password Authentication",{"name":66},{"id":84,"name":85,"tactic":86},"D3-CDP","Change Default Password",{"name":66},{"id":88,"name":89,"tactic":90},"D3-SPP","Strong Password Policy",{"name":66},{"id":92,"name":93,"tactic":94},"D3-OTP","One-time Password",{"name":66},{"id":96,"name":97,"tactic":98},"D3-RIC","Reissue Credential",{"name":99},"Restore",{"id":101,"name":102,"tactic":103},"D3-CTS","Credential Transmission Scoping",{"name":104},"Isolate",{"id":106,"name":107,"techniques":108},"CAPEC-560","Use of Known Domain Credentials",[109],{"id":110,"name":111,"tactics":112,"countermeasures":128},"T1078","Valid Accounts",[113,116,119,122,125],{"id":114,"name":115},"TA0030","Defense Evasion",{"id":117,"name":118},"TA0005","Stealth",{"id":120,"name":121},"TA0110","Persistence",{"id":123,"name":124},"TA0111","Privilege Escalation",{"id":126,"name":127},"TA0108","Initial Access",[129,134,138,142,146,150,152,156,160],{"id":130,"name":131,"tactic":132},"D3-AM","Access Modeling",{"name":133},"Model",{"id":135,"name":136,"tactic":137},"D3-LAM","Local Account Monitoring",{"name":39},{"id":139,"name":140,"tactic":141},"D3-DAM","Domain Account Monitoring",{"name":39},{"id":143,"name":144,"tactic":145},"D3-AL","Account Locking",{"name":52},{"id":147,"name":148,"tactic":149},"D3-AA","Agent Authentication",{"name":66},{"id":84,"name":85,"tactic":151},{"name":66},{"id":153,"name":154,"tactic":155},"D3-ULA","Unlock Account",{"name":99},{"id":157,"name":158,"tactic":159},"D3-RUAA","Restore User Account Access",{"name":99},{"id":161,"name":162,"tactic":163},"D3-UAP","User Account Permissions",{"name":104},{"id":165,"name":166,"techniques":167},"CAPEC-565","Password Spraying",[168],{"id":169,"name":166,"tactics":170,"countermeasures":172},"T1110.003",[171],{"id":32,"name":33},[173,175,177,179,183,187,191,195,199,203,207,211,215,219,221,223,225,227,229,231,233,235,237,239,241,243,245],{"id":36,"name":37,"tactic":174},{"name":39},{"id":41,"name":42,"tactic":176},{"name":39},{"id":45,"name":46,"tactic":178},{"name":39},{"id":180,"name":181,"tactic":182},"D3-UGLPA","User Geolocation Logon Pattern Analysis",{"name":39},{"id":184,"name":185,"tactic":186},"D3-PMAD","Protocol Metadata Anomaly Detection",{"name":39},{"id":188,"name":189,"tactic":190},"D3-CSPP","Client-server Payload Profiling",{"name":39},{"id":192,"name":193,"tactic":194},"D3-PHDURA","Per Host Download-Upload Ratio Analysis",{"name":39},{"id":196,"name":197,"tactic":198},"D3-NTSA","Network Traffic Signature Analysis",{"name":39},{"id":200,"name":201,"tactic":202},"D3-APCA","Application Protocol Command Analysis",{"name":39},{"id":204,"name":205,"tactic":206},"D3-NTCD","Network Traffic Community Deviation",{"name":39},{"id":208,"name":209,"tactic":210},"D3-RTSD","Remote Terminal Session Detection",{"name":39},{"id":212,"name":213,"tactic":214},"D3-CAA","Connection Attempt Analysis",{"name":39},{"id":216,"name":217,"tactic":218},"D3-ANAA","Administrative Network Activity Analysis",{"name":39},{"id":49,"name":50,"tactic":220},{"name":52},{"id":54,"name":55,"tactic":222},{"name":52},{"id":58,"name":59,"tactic":224},{"name":61},{"id":63,"name":64,"tactic":226},{"name":66},{"id":68,"name":69,"tactic":228},{"name":66},{"id":72,"name":73,"tactic":230},{"name":66},{"id":76,"name":77,"tactic":232},{"name":66},{"id":80,"name":81,"tactic":234},{"name":66},{"id":84,"name":85,"tactic":236},{"name":66},{"id":88,"name":89,"tactic":238},{"name":66},{"id":92,"name":93,"tactic":240},{"name":66},{"id":96,"name":97,"tactic":242},{"name":99},{"id":101,"name":102,"tactic":244},{"name":104},{"id":246,"name":247,"tactic":248},"D3-NTF","Network Traffic Filtering",{"name":104},{"id":250,"name":251,"techniques":252},"CAPEC-600","Credential Stuffing",[253],{"id":254,"name":251,"tactics":255,"countermeasures":257},"T1110.004",[256],{"id":32,"name":33},[258,260,262,264,266,268,270,272,274,276,278,280,282],{"id":41,"name":42,"tactic":259},{"name":39},{"id":45,"name":46,"tactic":261},{"name":39},{"id":180,"name":181,"tactic":263},{"name":39},{"id":184,"name":185,"tactic":265},{"name":39},{"id":188,"name":189,"tactic":267},{"name":39},{"id":192,"name":193,"tactic":269},{"name":39},{"id":196,"name":197,"tactic":271},{"name":39},{"id":200,"name":201,"tactic":273},{"name":39},{"id":204,"name":205,"tactic":275},{"name":39},{"id":208,"name":209,"tactic":277},{"name":39},{"id":212,"name":213,"tactic":279},{"name":39},{"id":216,"name":217,"tactic":281},{"name":39},{"id":246,"name":247,"tactic":283},{"name":104},{"id":285,"name":286,"techniques":287},"CAPEC-652","Use of Known Kerberos Credentials",[288],{"id":289,"name":290,"tactics":291,"countermeasures":293},"T1558","Steal or Forge Kerberos Tickets",[292],{"id":32,"name":33},[294,296,298,300,302,304,306,308,310,312,316,318,320,322,324,326,328,332,336,338,340],{"id":180,"name":181,"tactic":295},{"name":39},{"id":184,"name":185,"tactic":297},{"name":39},{"id":188,"name":189,"tactic":299},{"name":39},{"id":192,"name":193,"tactic":301},{"name":39},{"id":196,"name":197,"tactic":303},{"name":39},{"id":200,"name":201,"tactic":305},{"name":39},{"id":204,"name":205,"tactic":307},{"name":39},{"id":208,"name":209,"tactic":309},{"name":39},{"id":36,"name":37,"tactic":311},{"name":39},{"id":313,"name":314,"tactic":315},"D3-RTA","RPC Traffic Analysis",{"name":39},{"id":49,"name":50,"tactic":317},{"name":52},{"id":54,"name":55,"tactic":319},{"name":52},{"id":58,"name":59,"tactic":321},{"name":61},{"id":63,"name":64,"tactic":323},{"name":66},{"id":68,"name":69,"tactic":325},{"name":66},{"id":72,"name":73,"tactic":327},{"name":66},{"id":329,"name":330,"tactic":331},"D3-TB","Token Binding",{"name":66},{"id":333,"name":334,"tactic":335},"D3-TBA","Token-based Authentication",{"name":66},{"id":96,"name":97,"tactic":337},{"name":99},{"id":246,"name":247,"tactic":339},{"name":104},{"id":101,"name":102,"tactic":341},{"name":104},{"id":343,"name":344,"techniques":345},"CAPEC-653","Use of Known Operating System Credentials",[],[347],{"_key":348,"name":349,"source":350,"url":351,"maturity":352,"reliability_score":353,"verified":354,"type":9,"platforms":355,"requires_auth":9,"exploitdb":357,"metasploit":9},"48991","iDS6 DSSPro Digital Signage System 6.2 - CAPTCHA Security Bypass","exploit-database","https://www.exploit-db.com/exploits/48991","poc",0.5,false,[356],"hardware",{"verified":354,"type":358,"platform":356,"file":359,"codes":360},"webapps","exploits/hardware/webapps/48991.txt",[],[],[],[],[],[],"2026-05-16T15:25:46.353Z","Received",{"cisa_kev":354,"cisa_ransomware":354,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":369,"severity_score":370,"severity_version":371,"severity_source":372,"severity_vector":373,"severity_status":367},"critical",9.8,"v3.1","cve.org","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",[375,380,385,390],{"url":351,"sources":376,"tags":378},[372,377],"nvd",[379],"Exploit",{"url":381,"sources":382,"tags":383},"https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5607.php",[372,377],[384],"Vendor Advisory",{"url":386,"sources":387,"tags":388},"http://www.yerootech.com",[372,377],[389],"Product",{"url":391,"sources":392,"tags":393},"https://www.vulncheck.com/advisories/ids6-dsspro-digital-signage-system-captcha-security-bypass",[372,377],[394],"Third Party Advisory",[],[],[398,405],{"source":372,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":399,"cvss_v4_0":402},{"baseScore":370,"baseSeverity":400,"vectorString":373,"impactScore":370,"exploitabilityScore":401},"CRITICAL",10,{"baseScore":403,"baseSeverity":400,"vectorString":404,"impactScore":9,"exploitabilityScore":9},9.3,"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",{"source":377,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":406,"cvss_v4_0":407},{"baseScore":370,"baseSeverity":400,"vectorString":373,"impactScore":370,"exploitabilityScore":401},{"baseScore":403,"baseSeverity":400,"vectorString":408,"impactScore":9,"exploitabilityScore":9},"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",[410],{"ecosystem":9,"name":411,"vendor":412,"product":413,"cpe_part":414,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":415},"iDS6 DSSPro Digital Signage System","yerootech","ids6 dsspro digital signage system","a",[416],{"version":417,"is_range":354,"range_type":372,"version_start":417,"version_start_type":418,"version_end":417,"version_end_type":418,"fixed_in":9},"6.2","including"]