An incorrect access control exists in the Sony Photo Sharing Plus application in the firmware before PKG6.5629 version (for the X7500D TV and other applicable TVs). This vulnerability allows an attacker to read arbitrary files without authentication over HTTP when Photo Sharing Plus application is running. This may allow an attacker to browse a particular directory (e.g. images) inside the private network.
References
| Link | Resource |
|---|---|
| http://packetstormsecurity.com/files/152612/Sony-Smart-TV-Information-Disclosure-File-Read.html | Third Party Advisory VDB Entry |
| http://seclists.org/fulldisclosure/2019/Apr/32 | Mailing List Third Party Advisory |
| http://www.securityfocus.com/bid/108072 | Third Party Advisory VDB Entry |
| https://seclists.org/bugtraq/2019/Apr/34 | Exploit Mailing List Third Party Advisory |
| https://www.sony.com/electronics/support/downloads/00016043 | Exploit Vendor Advisory |
| http://packetstormsecurity.com/files/152612/Sony-Smart-TV-Information-Disclosure-File-Read.html | Third Party Advisory VDB Entry |
| http://seclists.org/fulldisclosure/2019/Apr/32 | Mailing List Third Party Advisory |
| http://www.securityfocus.com/bid/108072 | Third Party Advisory VDB Entry |
| https://seclists.org/bugtraq/2019/Apr/34 | Exploit Mailing List Third Party Advisory |
| https://www.sony.com/electronics/support/downloads/00016043 | Exploit Vendor Advisory |
Configurations
Configuration 1 (hide)
| AND |
|
History
21 Nov 2024, 04:20
| Type | Values Removed | Values Added |
|---|---|---|
| References | () http://packetstormsecurity.com/files/152612/Sony-Smart-TV-Information-Disclosure-File-Read.html - Third Party Advisory, VDB Entry | |
| References | () http://seclists.org/fulldisclosure/2019/Apr/32 - Mailing List, Third Party Advisory | |
| References | () http://www.securityfocus.com/bid/108072 - Third Party Advisory, VDB Entry | |
| References | () https://seclists.org/bugtraq/2019/Apr/34 - Exploit, Mailing List, Third Party Advisory | |
| References | () https://www.sony.com/electronics/support/downloads/00016043 - Exploit, Vendor Advisory |
Information
Published : 2019-04-19 18:29
Updated : 2024-11-21 04:20
NVD link : CVE-2019-10886
Mitre link : CVE-2019-10886
CVE.ORG link : CVE-2019-10886
JSON object : View
Products Affected
sony
- xbr-65x857c
- photo_sharing_plus
- xbr-65x937d
- xbr-65a1e
- xbr-75x940e
- xbr-65x807c
- xbr-65x930d
- xbr-65x857d
- xbr-85x857d
- kdl-50w805c
- xbr-65x900c
- xbr-49x700d
- xbr-65x930c
- xbr-55x905c
- xbr-75x850c
- kdl-55w805c
- xbr-55x930e
- kdl-65w855c
- xbr-75x850d
- xbr-65x750d
- xbr-65x907c
- xbr-55a1e
- kdl-65w857c
- xbr-49x800d
- xbr-85x855d
- xbr-55x850d
- kdl-50w807c
- xbr-55x855d
- xbr-43x800e
- xbr-65x855d
- xbr-55x807c
- kdl-75w850c
- xbr-49x835c
- xbr-49x835d
- xbr-65x810c
- xbr-65x930e
- xbr-65x805c
- xbr-65x800c
- xbr-49x830c
- xbr-55x857d
- xbr-55x900e
- kdl-65w850c
- xbr-55x907c
- xbr-75x940d
- xbr-75x945c
- xbr-75x855c
- xbr-65x935d
- xbr-55x700d
- xbr-49x800e
- xbr-75x940c
- xbr-75z9d
- kdl-50w800c
- xbr-75x900e
- xbr-75x855d
- xbr-65x900e
- xbr-49x837c
- xbr-65x850e
- xbr-55x806e
- xbr-43x800d
- kdl-75w855c
- xbr-75x857d
- xbr-65x905c
- xbr-55x857c
- xbr-55x850c
- xbr-55x805c
- xbr-65x850d
- xbr-55x930d
- xbr-49x800c
- xbr-55x900c
- xbr-85x850d
- xbr-65x850c
- xbr-100z9d
- xbr-43x830c
- xbr-55x855c
- kdl-50w820c
- xbr-49x839c
- kdl-55w800c
- xbr-75x850e
- xbr-49x900e
- xbr-65x809c
- xbr-65x855c
- xbr-77a1e
- x7500d
- xbr-55x800e
- xbr-55x810c
- xbr-75x910c
- kdl-50w809c
- xbr-55x809c
- xbr-65z9d
CWE
CWE-306
Missing Authentication for Critical Function