Search criteria
4 vulnerabilities found for photo_sharing_plus by sony
CVE-2019-11336 (GCVE-0-2019-11336)
Vulnerability from nvd – Published: 2019-05-14 13:57 – Updated: 2024-08-04 22:48
VLAI?
Summary
Sony Bravia Smart TV devices allow remote attackers to retrieve the static Wi-Fi password (used when the TV is acting as an access point) by using the Photo Sharing Plus application to execute a backdoor API command, a different vulnerability than CVE-2019-10886.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://seclists.org/fulldisclosure/2019/Apr/32 | mailing-listx_refsource_FULLDISC |
| http://packetstormsecurity.com/files/152612/Sony-… | x_refsource_MISC |
| https://seclists.org/bugtraq/2019/Apr/34 | mailing-listx_refsource_BUGTRAQ |
| http://www.securityfocus.com/bid/108072 | vdb-entryx_refsource_BID |
| https://www.darkmatter.ae/xen1thlabs/sony-smart-t… | x_refsource_MISC |
Date Public ?
2019-04-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:48:09.177Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20190423 Multiple vulnerabilities in Sony Smart TVs",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/Apr/32"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/152612/Sony-Smart-TV-Information-Disclosure-File-Read.html"
},
{
"name": "20190424 Multiple vulnerabilities in Sony Smart TVs",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Apr/34"
},
{
"name": "108072",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/108072"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.darkmatter.ae/xen1thlabs/sony-smart-tv-photo-sharing-plus-information-disclosure-vulnerability-xl-19-003/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-04-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Sony Bravia Smart TV devices allow remote attackers to retrieve the static Wi-Fi password (used when the TV is acting as an access point) by using the Photo Sharing Plus application to execute a backdoor API command, a different vulnerability than CVE-2019-10886."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-14T13:57:24.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20190423 Multiple vulnerabilities in Sony Smart TVs",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2019/Apr/32"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/152612/Sony-Smart-TV-Information-Disclosure-File-Read.html"
},
{
"name": "20190424 Multiple vulnerabilities in Sony Smart TVs",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Apr/34"
},
{
"name": "108072",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/108072"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.darkmatter.ae/xen1thlabs/sony-smart-tv-photo-sharing-plus-information-disclosure-vulnerability-xl-19-003/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-11336",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Sony Bravia Smart TV devices allow remote attackers to retrieve the static Wi-Fi password (used when the TV is acting as an access point) by using the Photo Sharing Plus application to execute a backdoor API command, a different vulnerability than CVE-2019-10886."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20190423 Multiple vulnerabilities in Sony Smart TVs",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2019/Apr/32"
},
{
"name": "http://packetstormsecurity.com/files/152612/Sony-Smart-TV-Information-Disclosure-File-Read.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/152612/Sony-Smart-TV-Information-Disclosure-File-Read.html"
},
{
"name": "20190424 Multiple vulnerabilities in Sony Smart TVs",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Apr/34"
},
{
"name": "108072",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/108072"
},
{
"name": "https://www.darkmatter.ae/xen1thlabs/sony-smart-tv-photo-sharing-plus-information-disclosure-vulnerability-xl-19-003/",
"refsource": "MISC",
"url": "https://www.darkmatter.ae/xen1thlabs/sony-smart-tv-photo-sharing-plus-information-disclosure-vulnerability-xl-19-003/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-11336",
"datePublished": "2019-05-14T13:57:24.000Z",
"dateReserved": "2019-04-18T00:00:00.000Z",
"dateUpdated": "2024-08-04T22:48:09.177Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-10886 (GCVE-0-2019-10886)
Vulnerability from nvd – Published: 2019-04-19 17:51 – Updated: 2024-08-04 22:40
VLAI?
Summary
An incorrect access control exists in the Sony Photo Sharing Plus application in the firmware before PKG6.5629 version (for the X7500D TV and other applicable TVs). This vulnerability allows an attacker to read arbitrary files without authentication over HTTP when Photo Sharing Plus application is running. This may allow an attacker to browse a particular directory (e.g. images) inside the private network.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://seclists.org/fulldisclosure/2019/Apr/32 | mailing-listx_refsource_FULLDISC |
| http://packetstormsecurity.com/files/152612/Sony-… | x_refsource_MISC |
| https://www.sony.com/electronics/support/download… | x_refsource_CONFIRM |
| https://seclists.org/bugtraq/2019/Apr/34 | mailing-listx_refsource_BUGTRAQ |
| http://www.securityfocus.com/bid/108072 | vdb-entryx_refsource_BID |
Date Public ?
2019-04-16 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:40:14.926Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20190423 Multiple vulnerabilities in Sony Smart TVs",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/Apr/32"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/152612/Sony-Smart-TV-Information-Disclosure-File-Read.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.sony.com/electronics/support/downloads/00016043"
},
{
"name": "20190424 Multiple vulnerabilities in Sony Smart TVs",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Apr/34"
},
{
"name": "108072",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/108072"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-04-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An incorrect access control exists in the Sony Photo Sharing Plus application in the firmware before PKG6.5629 version (for the X7500D TV and other applicable TVs). This vulnerability allows an attacker to read arbitrary files without authentication over HTTP when Photo Sharing Plus application is running. This may allow an attacker to browse a particular directory (e.g. images) inside the private network."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-26T10:06:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20190423 Multiple vulnerabilities in Sony Smart TVs",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2019/Apr/32"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/152612/Sony-Smart-TV-Information-Disclosure-File-Read.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.sony.com/electronics/support/downloads/00016043"
},
{
"name": "20190424 Multiple vulnerabilities in Sony Smart TVs",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Apr/34"
},
{
"name": "108072",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/108072"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-10886",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An incorrect access control exists in the Sony Photo Sharing Plus application in the firmware before PKG6.5629 version (for the X7500D TV and other applicable TVs). This vulnerability allows an attacker to read arbitrary files without authentication over HTTP when Photo Sharing Plus application is running. This may allow an attacker to browse a particular directory (e.g. images) inside the private network."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20190423 Multiple vulnerabilities in Sony Smart TVs",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2019/Apr/32"
},
{
"name": "http://packetstormsecurity.com/files/152612/Sony-Smart-TV-Information-Disclosure-File-Read.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/152612/Sony-Smart-TV-Information-Disclosure-File-Read.html"
},
{
"name": "https://www.sony.com/electronics/support/downloads/00016043",
"refsource": "CONFIRM",
"url": "https://www.sony.com/electronics/support/downloads/00016043"
},
{
"name": "20190424 Multiple vulnerabilities in Sony Smart TVs",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Apr/34"
},
{
"name": "108072",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/108072"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-10886",
"datePublished": "2019-04-19T17:51:49.000Z",
"dateReserved": "2019-04-05T00:00:00.000Z",
"dateUpdated": "2024-08-04T22:40:14.926Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-11336 (GCVE-0-2019-11336)
Vulnerability from cvelistv5 – Published: 2019-05-14 13:57 – Updated: 2024-08-04 22:48
VLAI?
Summary
Sony Bravia Smart TV devices allow remote attackers to retrieve the static Wi-Fi password (used when the TV is acting as an access point) by using the Photo Sharing Plus application to execute a backdoor API command, a different vulnerability than CVE-2019-10886.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://seclists.org/fulldisclosure/2019/Apr/32 | mailing-listx_refsource_FULLDISC |
| http://packetstormsecurity.com/files/152612/Sony-… | x_refsource_MISC |
| https://seclists.org/bugtraq/2019/Apr/34 | mailing-listx_refsource_BUGTRAQ |
| http://www.securityfocus.com/bid/108072 | vdb-entryx_refsource_BID |
| https://www.darkmatter.ae/xen1thlabs/sony-smart-t… | x_refsource_MISC |
Date Public ?
2019-04-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:48:09.177Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20190423 Multiple vulnerabilities in Sony Smart TVs",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/Apr/32"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/152612/Sony-Smart-TV-Information-Disclosure-File-Read.html"
},
{
"name": "20190424 Multiple vulnerabilities in Sony Smart TVs",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Apr/34"
},
{
"name": "108072",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/108072"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.darkmatter.ae/xen1thlabs/sony-smart-tv-photo-sharing-plus-information-disclosure-vulnerability-xl-19-003/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-04-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Sony Bravia Smart TV devices allow remote attackers to retrieve the static Wi-Fi password (used when the TV is acting as an access point) by using the Photo Sharing Plus application to execute a backdoor API command, a different vulnerability than CVE-2019-10886."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-14T13:57:24.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20190423 Multiple vulnerabilities in Sony Smart TVs",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2019/Apr/32"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/152612/Sony-Smart-TV-Information-Disclosure-File-Read.html"
},
{
"name": "20190424 Multiple vulnerabilities in Sony Smart TVs",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Apr/34"
},
{
"name": "108072",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/108072"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.darkmatter.ae/xen1thlabs/sony-smart-tv-photo-sharing-plus-information-disclosure-vulnerability-xl-19-003/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-11336",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Sony Bravia Smart TV devices allow remote attackers to retrieve the static Wi-Fi password (used when the TV is acting as an access point) by using the Photo Sharing Plus application to execute a backdoor API command, a different vulnerability than CVE-2019-10886."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20190423 Multiple vulnerabilities in Sony Smart TVs",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2019/Apr/32"
},
{
"name": "http://packetstormsecurity.com/files/152612/Sony-Smart-TV-Information-Disclosure-File-Read.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/152612/Sony-Smart-TV-Information-Disclosure-File-Read.html"
},
{
"name": "20190424 Multiple vulnerabilities in Sony Smart TVs",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Apr/34"
},
{
"name": "108072",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/108072"
},
{
"name": "https://www.darkmatter.ae/xen1thlabs/sony-smart-tv-photo-sharing-plus-information-disclosure-vulnerability-xl-19-003/",
"refsource": "MISC",
"url": "https://www.darkmatter.ae/xen1thlabs/sony-smart-tv-photo-sharing-plus-information-disclosure-vulnerability-xl-19-003/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-11336",
"datePublished": "2019-05-14T13:57:24.000Z",
"dateReserved": "2019-04-18T00:00:00.000Z",
"dateUpdated": "2024-08-04T22:48:09.177Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-10886 (GCVE-0-2019-10886)
Vulnerability from cvelistv5 – Published: 2019-04-19 17:51 – Updated: 2024-08-04 22:40
VLAI?
Summary
An incorrect access control exists in the Sony Photo Sharing Plus application in the firmware before PKG6.5629 version (for the X7500D TV and other applicable TVs). This vulnerability allows an attacker to read arbitrary files without authentication over HTTP when Photo Sharing Plus application is running. This may allow an attacker to browse a particular directory (e.g. images) inside the private network.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://seclists.org/fulldisclosure/2019/Apr/32 | mailing-listx_refsource_FULLDISC |
| http://packetstormsecurity.com/files/152612/Sony-… | x_refsource_MISC |
| https://www.sony.com/electronics/support/download… | x_refsource_CONFIRM |
| https://seclists.org/bugtraq/2019/Apr/34 | mailing-listx_refsource_BUGTRAQ |
| http://www.securityfocus.com/bid/108072 | vdb-entryx_refsource_BID |
Date Public ?
2019-04-16 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:40:14.926Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20190423 Multiple vulnerabilities in Sony Smart TVs",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/Apr/32"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/152612/Sony-Smart-TV-Information-Disclosure-File-Read.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.sony.com/electronics/support/downloads/00016043"
},
{
"name": "20190424 Multiple vulnerabilities in Sony Smart TVs",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Apr/34"
},
{
"name": "108072",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/108072"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-04-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An incorrect access control exists in the Sony Photo Sharing Plus application in the firmware before PKG6.5629 version (for the X7500D TV and other applicable TVs). This vulnerability allows an attacker to read arbitrary files without authentication over HTTP when Photo Sharing Plus application is running. This may allow an attacker to browse a particular directory (e.g. images) inside the private network."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-26T10:06:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20190423 Multiple vulnerabilities in Sony Smart TVs",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2019/Apr/32"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/152612/Sony-Smart-TV-Information-Disclosure-File-Read.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.sony.com/electronics/support/downloads/00016043"
},
{
"name": "20190424 Multiple vulnerabilities in Sony Smart TVs",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Apr/34"
},
{
"name": "108072",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/108072"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-10886",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An incorrect access control exists in the Sony Photo Sharing Plus application in the firmware before PKG6.5629 version (for the X7500D TV and other applicable TVs). This vulnerability allows an attacker to read arbitrary files without authentication over HTTP when Photo Sharing Plus application is running. This may allow an attacker to browse a particular directory (e.g. images) inside the private network."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20190423 Multiple vulnerabilities in Sony Smart TVs",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2019/Apr/32"
},
{
"name": "http://packetstormsecurity.com/files/152612/Sony-Smart-TV-Information-Disclosure-File-Read.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/152612/Sony-Smart-TV-Information-Disclosure-File-Read.html"
},
{
"name": "https://www.sony.com/electronics/support/downloads/00016043",
"refsource": "CONFIRM",
"url": "https://www.sony.com/electronics/support/downloads/00016043"
},
{
"name": "20190424 Multiple vulnerabilities in Sony Smart TVs",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Apr/34"
},
{
"name": "108072",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/108072"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-10886",
"datePublished": "2019-04-19T17:51:49.000Z",
"dateReserved": "2019-04-05T00:00:00.000Z",
"dateUpdated": "2024-08-04T22:40:14.926Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}