CVE-2020-36923

Medium CVSS: 6.9

Sony BRAVIA Digital Signage 1.7.8 contains an insecure direct object reference vulnerability that allows attackers to bypass authorization controls. Attackers can access hidden system resources like '/#/content-creation' by manipulating client-side access restrictions.

Vendor

Sony

Product

Bravia Signage

CWE

CWE-639

Yayın Tarihi

2026-01-06 16:15:48

Güncelleme

2026-01-22 21:15:17

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-639 Bravia Signage MEDIUM Sony 2026

Referanslar

https://cxsecurity.com/issue/WLB-2020120031 https://exchange.xforce.ibmcloud.com/vulnerabilities/192607 https://packetstormsecurity.com/files/160344 https://pro-bravia.sony.net https://pro-bravia.sony.net/resources/software/bravia-signage/ https://pro.sony/ue_US/products/display-software https://www.vulncheck.com/advisories/sony-bravia-digital-signage-client-side-protection-bypass-via-idor https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5611.php https://www.zeroscience.mk/codes/sonybravia_idor.txt https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5611.php

Benzer Kayıtlar

Medium

CVE-2020-36922

Sony BRAVIA Digital Signage 1.7.8 contains an information disclosure vulnerability that allows unauthenticated attackers…

Medium

CVE-2020-36924

Sony BRAVIA Digital Signage 1.7.8 contains a remote file inclusion vulnerability that allows attackers to inject arbitra…

Critical

CVE-2020-36885

Sony IPELA Network Camera 1.82.01 contains a stack buffer overflow vulnerability in the ftpclient.cgi endpoint that allo…

Medium

CVE-2025-64730

Cross-site scripting vulnerability exists in SNC-CX600W all versions. If this vulnerability is exploited, an arbitrary s…

Low

CVE-2025-62497

Cross-site request forgery vulnerability exists in SNC-CX600W versions prior to Ver.2.8.0. If a user accesses a speciall…

High

CVE-2025-5475

Sony XAV-AX8500 Bluetooth Packet Handling Integer Overflow Remote Code Execution Vulnerability. This vulnerability allow…