CVE-2020-36922

Sažetak

Sony BRAVIA Digital Signage 1.7.8 contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive system details through API endpoints. Attackers can retrieve network interface information, server configurations, and system metadata by sending requests to the exposed system API.

Reference

https://cxsecurity.com/issue/WLB-2020120028
https://exchange.xforce.ibmcloud.com/vulnerabilities/192606
https://packetstorm.news/files/id/160343
https://pro-bravia.sony.net
https://pro-bravia.sony.net/resources/software/bravia-signage/
https://pro.sony/ue_US/products/display-software
https://www.exploit-db.com/exploits/49187
https://www.vulncheck.com/advisories/sony-bravia-digital-signage-unauthenticated-system-api-information-disclosure
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5610.php

CVSS

Base:	7.5
Impact:	3.6
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	NONE	NONE

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Zadnje važnije ažuriranje

22-01-2026 - 21:20

Objavljeno

06-01-2026 - 16:15