CVE-2020-37228 (CVSS 9.8) — iDS6 DSSPro Digital Signage System 6.2 contains a CAPTCHA security bypass vulnerability that allows attackers to bypass authentication by requesting the autoLoginVerifyCode object. Attackers can retri
CVE. Sourced from NVD, summarised by Matproof.
AI Analysis
What changed and what to do.
A critical vulnerability, CVE-2020-37228, has been published with a CVSS score of 9.8, indicating a severe security flaw in the iDS6 DSSPro Digital Signage System version 6.2. The issue allows an attacker to bypass CAPTCHA authentication by directly requesting the autoLoginVerifyCode object, effectively enabling unauthorized access without valid credentials. This vulnerability was published on May 16, 2026, and is now publicly documented in the National Vulnerability Database.
Organizations affected are primarily those using iDS6 DSSPro for digital signage, which includes sectors such as retail, hospitality, transportation, healthcare, and corporate communications. Any entity relying on this system for public-facing displays or internal information boards is at risk, as the bypass could allow attackers to manipulate content, disrupt operations, or gain a foothold in the network.
Compliance teams should immediately verify whether their organization uses iDS6 DSSPro 6.2 and, if so, apply any available patches or vendor-supplied mitigations. Until a fix is deployed, consider isolating the system from untrusted networks and implementing additional access controls, such as network segmentation or multi-factor authentication. Document this vulnerability in your risk register and update your incident response plan to address potential exploitation.
This summary is AI-generated for orientation purposes. For regulatory action, always consult the original source linked above.