CVE-2020-36922

EUVD-2026-1017
Sony BRAVIA Digital Signage 1.7.8 contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive system details through API endpoints. Attackers can retrieve network interface information, server configurations, and system metadata by sending requests to the exposed system API.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
VulnCheckCNA
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 33%
Affected Products (NVD)
VendorProductVersion
sonybravia_signage
𝑥
≤ 1.7.8
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://cxsecurity.com/issue/WLB-2020120028
https://exchange.xforce.ibmcloud.com/vulnerabilities/192606
https://packetstorm.news/files/id/160343
https://pro-bravia.sony.net
https://pro-bravia.sony.net/resources/software/bravia-signage/
https://pro.sony/ue_US/products/display-software
https://www.exploit-db.com/exploits/49187
https://www.vulncheck.com/advisories/sony-bravia-digital-signage-unauthenticated-system-api-information-disclosure
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5610.php