Sony Bravia Smart TV devices allow remote attackers to retrieve the static Wi-Fi password (used when the TV is acting as an access point) by using the Photo Sharing Plus application to execute a backdoor API command, a different vulnerability than CVE-2019-10886.
No CVSS v3.1
Attack Vector Network
Attack Complexity High
Privileges Required None
Scope Unchanged
Confidentiality Impact High
Integrity Impact High
Availability Impact High
User Interaction None
Access Vector Network
Access Complexity Medium
Authentication None
Confidentiality Impact Partial
Integrity Impact None
Availability Impact None
AV:N/AC:M/Au:N/C:P/I:N/A:N
Vendors | Products |
---|---|
Sony |
|
Configuration 1 [-]
AND |
|
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/152612/Sony-Smart-TV-Information-Disclosure-File-Read.html | Exploit Third Party Advisory VDB Entry |
http://seclists.org/fulldisclosure/2019/Apr/32 | Mailing List Exploit Third Party Advisory |
http://www.securityfocus.com/bid/108072 | Third Party Advisory VDB Entry |
https://seclists.org/bugtraq/2019/Apr/34 | Mailing List Exploit Third Party Advisory |
https://www.darkmatter.ae/xen1thlabs/sony-smart-tv-photo-sharing-plus-information-disclosure-vulnerability-xl-19-003/ | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2019-05-14T13:57:24
Updated: 2019-05-14T13:57:24
Reserved: 2019-04-18T00:00:00
Link: CVE-2019-11336
JSON object: View
NVD Information
Status : Analyzed
Published: 2019-05-14T14:29:00.227
Modified: 2019-05-21T11:56:07.143
Link: CVE-2019-11336
JSON object: View
Redhat Information
No data.
CWE