CVE-2020-36922
Sony BRAVIA Digital Signage 1.7.8 Unauthenticated System API Information Disclosure
Sony BRAVIA Digital Signage 1.7.8 contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive system details through API endpoints. Attackers can retrieve network interface information, server configurations, and system metadata by sending requests to the exposed system API.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
Productos afectados
Pro-Bravia · Sony BRAVIA Digital Signage¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →Referencias
https://cxsecurity.com/issue/WLB-2020120028https://exchange.xforce.ibmcloud.com/vulnerabilities/192606https://packetstorm.news/files/id/160343https://pro-bravia.sony.nethttps://pro-bravia.sony.net/resources/software/bravia-signage/https://pro.sony/ue_US/products/display-softwarehttps://www.exploit-db.com/exploits/49187https://www.vulncheck.com/advisories/sony-bravia-digital-signage-unauthenticated-system-api-information-disclosurehttps://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5610.php