← voltar
CVE-2020-36923

Sony BRAVIA Digital Signage 1.7.8 Client-Side Protection Bypass via IDOR

CVSS 6.9 MEDIUMEPSS 0.9%CWE-639
Vexday Risk Score
13Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 6.9EPSS 0.9%KEV nãoPoC Patch
Ciclo de vida
06 jan 2026Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
Sony BRAVIA Digital Signage 1.7.8 contains an insecure direct object reference vulnerability that allows attackers to bypass authorization controls. Attackers can access hidden system resources like '/#/content-creation' by manipulating client-side access restrictions.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
Produtos afetados
Sony Electronics Inc. · Sony BRAVIA Digital Signage

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://cxsecurity.com/issue/WLB-2020120031https://exchange.xforce.ibmcloud.com/vulnerabilities/192607https://packetstormsecurity.com/files/160344https://pro-bravia.sony.nethttps://pro-bravia.sony.net/resources/software/bravia-signage/https://pro.sony/ue_US/products/display-softwarehttps://www.vulncheck.com/advisories/sony-bravia-digital-signage-client-side-protection-bypass-via-idorhttps://www.zeroscience.mk/codes/sonybravia_idor.txthttps://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5611.php