
CVSS: 8.1 | EPSS: 0% | CPEs: 89 | EXPL: 4

Sony Bravia Smart TV devices allow remote attackers to retrieve the static Wi-Fi password (used when the TV is acting as an access point) by using the Photo Sharing Plus application to execute a backdoor API command, a different vulnerability than CVE-2019-10886. Sony Smart TVs suffer from information disclosure and arbitrary file read vulnerabilities.

• http://packetstormsecurity.com/files/152612/Sony-Smart-TV-Information-Disclosure-File-Read.html
• http://seclists.org/fulldisclosure/2019/Apr/32
• http://www.securityfocus.com/bid/108072
• https://seclists.org/bugtraq/2019/Apr/34
• https://www.darkmatter.ae/xen1thlabs/sony-smart-tv-photo-sharing-plus-information-disclosure-vulnerability-xl-19-003
• CWE-532: Insertion of Sensitive Information into Log File

CVSS: 5.9 | EPSS: 0% | CPEs: 89 | EXPL: 2

An incorrect access control issue exists in the Sony Photo Sharing Plus application in firmware versions before PKG6.5629 (for the X7500D TV and other applicable TVs). This vulnerability allows an attacker to read arbitrary files without authentication over HTTP when the Photo Sharing Plus application is running. This may allow an attacker to browse a particular directory (e.g. images) inside the private network.

• http://packetstormsecurity.com/files/152612/Sony-Smart-TV-Information-Disclosure-File-Read.html
• http://seclists.org/fulldisclosure/2019/Apr/32
• http://www.securityfocus.com/bid/108072
• https://seclists.org/bugtraq/2019/Apr/34
• https://www.sony.com/electronics/support/downloads/00016043
• CWE-306: Missing Authentication for Critical Function