CRITICAL
Yerootech
CVE published 2026-05-16
CVE-2020-37228
CVE-2020-37228 is a critical authentication weakness in iDS6 DSSPro Digital Signage System 6.2. According to the supplied record, an attacker can request the autoLoginVerifyCode object, recover valid CAPTCHA codes through the login endpoint, and use that behavior to bypass authentication protections and brute-force user accounts. The NVD data in the corpus rates the issue at CVSS 9.3 and maps it to CWE-307.