← volver
CVE-2020-36923

Sony BRAVIA Digital Signage 1.7.8 Client-Side Protection Bypass via IDOR

CVSS 6.9 MEDIUMEPSS 0.9%CWE-639
Vexday Risk Score
13Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 6.9EPSS 0.9%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
06 ene 2026Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
Sony BRAVIA Digital Signage 1.7.8 contains an insecure direct object reference vulnerability that allows attackers to bypass authorization controls. Attackers can access hidden system resources like '/#/content-creation' by manipulating client-side access restrictions.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
Productos afectados
Sony Electronics Inc. · Sony BRAVIA Digital Signage

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://cxsecurity.com/issue/WLB-2020120031https://exchange.xforce.ibmcloud.com/vulnerabilities/192607https://packetstormsecurity.com/files/160344https://pro-bravia.sony.nethttps://pro-bravia.sony.net/resources/software/bravia-signage/https://pro.sony/ue_US/products/display-softwarehttps://www.vulncheck.com/advisories/sony-bravia-digital-signage-client-side-protection-bypass-via-idorhttps://www.zeroscience.mk/codes/sonybravia_idor.txthttps://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5611.php