Vulnerability Details CVE-2020-36922
Sony BRAVIA Digital Signage 1.7.8 contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive system details through API endpoints. Attackers can retrieve network interface information, server configurations, and system metadata by sending requests to the exposed system API.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 29.6%
CVSS Severity
CVSS v3 Score 7.5
References
- https://cxsecurity.com/issue/WLB-2020120028
- https://exchange.xforce.ibmcloud.com/vulnerabilities/192606
- https://packetstorm.news/files/id/160343
- https://pro-bravia.sony.net
- https://pro-bravia.sony.net/resources/software/bravia-signage/
- https://pro.sony/ue_US/products/display-software
- https://www.exploit-db.com/exploits/49187
- https://www.vulncheck.com/advisories/sony-bravia-digital-signage-unauthenticated-system-api-information-disclosure
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5610.php
Products affected by CVE-2020-36922
-
cpe:2.3:a:sony:bravia_signage:*