Sony bravia digital signage 1.7.8 system api information disclosure Vulnerability / Exploit
/
/
/
Exploits / Vulnerability Discovered : 2020-12-03 |
Type : webapps |
Platform : hardware
This exploit / vulnerability Sony bravia digital signage 1.7.8 system api information disclosure is for educational purposes only and if it is used you will do on your own risk!
[+] Code ...
# Exploit Title: Sony BRAVIA Digital Signage 1.7.8 - System API Information Disclosure
# Date: 20.09.2020
# Exploit Author: LiquidWorm
# Vendor Homepage: https://pro-bravia.sony.net
# Version: 1.7.8
Sony BRAVIA Digital Signage 1.7.8 System API Information Disclosure
Vendor: Sony Electronics Inc.
Product web page: https://pro-bravia.sony.net
https://pro-bravia.sony.net/resources/software/bravia-signage/
https://pro.sony/ue_US/products/display-software
Affected version: <=1.7.8
Summary: Sony's BRAVIA Signage is an application to deliver
video and still images to Pro BRAVIAs and manage the information
via a network. Features include management of displays, power
schedule management, content playlists, scheduled delivery
management, content interrupt, and more. This cost-effective
digital signage management solution is ideal for presenting
attractive, informative visual content in retail spaces and
hotel reception areas, visitor attractions, educational and
corporate environments.
Desc: The application is vulnerable to sensitive information
disclosure vulnerability. An unauthenticated attacker can
visit several API endpoints and disclose information running
on the device.
Tested on: Microsoft Windows Server 2012 R2
Ubuntu
NodeJS
Express
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
@zeroscience