CVE-2020-36922 | THREATINT

Description

Sony BRAVIA Digital Signage 1.7.8 contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive system details through API endpoints. Attackers can retrieve network interface information, server configurations, and system metadata by sending requests to the exposed system API.

PUBLISHED Reserved 2026-01-03 | Published 2026-01-06 | Updated 2026-01-06 | Assigner VulnCheck

MEDIUM: 6.9CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

HIGH: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Problem types

Exposure of Sensitive System Information to an Unauthorized Control Sphere

Product status

Any version

affected

Credits

LiquidWorm as Gjoko Krstic of Zero Science Lab finder

References

www.exploit-db.com/exploits/49187 (ExploitDB-49187) exploit

pro-bravia.sony.net (Sony BRAVIA Digital Signage Official Homepage) product

pro-bravia.sony.net/resources/software/bravia-signage/ (BRAVIA Signage Software Resources) product

pro.sony/ue_US/products/display-software (Sony Professional Display Software Product Page) product

www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5610.php (Zero Science Lab Disclosure (ZSL-2020-5610)) third-party-advisory

packetstorm.news/files/id/160343 (Packet Storm Security Exploit Entry) exploit

cxsecurity.com/issue/WLB-2020120028 (CXSecurity Vulnerability Database) exploit

exchange.xforce.ibmcloud.com/vulnerabilities/192606 (IBM X-Force Vulnerability Exchange) vdb-entry

www.vulncheck.com/...cated-system-api-information-disclosure (VulnCheck Advisory: Sony BRAVIA Digital Signage 1.7.8 Unauthenticated System API Information Disclosure) third-party-advisory

cve.org (CVE-2020-36922)

nvd.nist.gov (CVE-2020-36922)

Download JSON