CVE-2020-36922

HIGH

Sony BRAVIA Digital Signage <1.7.8 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-36922. PoCs published by LiquidWorm.

AI-analyzed exploit summary This exploit demonstrates an unauthenticated information disclosure vulnerability in Sony BRAVIA Digital Signage 1.7.8. It leverages an exposed API endpoint to retrieve sensitive system information, including network interfaces, server time, and OS details.

Description

Sony BRAVIA Digital Signage 1.7.8 contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive system details through API endpoints. Attackers can retrieve network interface information, server configurations, and system metadata by sending requests to the exposed system API.

Exploits (1)

exploitdb WORKING POC

by LiquidWorm · textwebappshardware

https://www.exploit-db.com/exploits/49187

View Code ZIP pw:eip

This exploit demonstrates an unauthenticated information disclosure vulnerability in Sony BRAVIA Digital Signage 1.7.8. It leverages an exposed API endpoint to retrieve sensitive system information, including network interfaces, server time, and OS details.

Classification

Working Poc 100%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Sony BRAVIA Digital Signage <=1.7.8

No auth needed

Prerequisites: Network access to the target device · API endpoint exposed on port 8080

MITRE ATT&CK