CVE-2019-11336
Severity CVSS v4.0:
Pending analysis
Type:
CWE-532
Information Exposure Through Log Files
Publication date:
14/05/2019
Last modified:
21/05/2019
Description
Sony Bravia Smart TV devices allow remote attackers to retrieve the static Wi-Fi password (used when the TV is acting as an access point) by using the Photo Sharing Plus application to execute a backdoor API command, a different vulnerability than CVE-2019-10886.
Impact
Base Score 3.x
8.10
Severity 3.x
HIGH
Base Score 2.0
4.30
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:sony:photo_sharing_plus:*:*:*:*:*:*:*:* | pkg6.5629 (excluding) | |
| cpe:2.3:h:sony:kdl-50w800c:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:sony:kdl-50w805c:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:sony:kdl-50w807c:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:sony:kdl-50w809c:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:sony:kdl-50w820c:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:sony:kdl-55w800c:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:sony:kdl-55w805c:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:sony:kdl-65w850c:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:sony:kdl-65w855c:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:sony:kdl-65w857c:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:sony:kdl-75w850c:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:sony:kdl-75w855c:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:sony:x7500d:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:sony:xbr-100z9d:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://packetstormsecurity.com/files/152612/Sony-Smart-TV-Information-Disclosure-File-Read.html
- http://seclists.org/fulldisclosure/2019/Apr/32
- http://www.securityfocus.com/bid/108072
- https://seclists.org/bugtraq/2019/Apr/34
- https://www.darkmatter.ae/xen1thlabs/sony-smart-tv-photo-sharing-plus-information-disclosure-vulnerability-xl-19-003/