QwikSec

Security Database

CVE

CWE

Training

CVE-2019-10886

Published: Apr 19, 2019

Modified: Aug 4, 2024

PUBLISHED

Description

An incorrect access control exists in the Sony Photo Sharing Plus application in the firmware before PKG6.5629 version (for the X7500D TV and other applicable TVs). This vulnerability allows an attacker to read arbitrary files without authentication over HTTP when Photo Sharing Plus application is running. This may allow an attacker to browse a particular directory (e.g. images) inside the private network.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

20190423 Multiple vulnerabilities in Sony Smart TVs

mailing-list

x_refsource_FULLDISC

http://packetstormsecurity.com/files/152612/Sony-Smart-TV-Information-Disclosure-File-Read.html

x_refsource_MISC

https://www.sony.com/electronics/support/downloads/00016043

x_refsource_CONFIRM

20190424 Multiple vulnerabilities in Sony Smart TVs

mailing-list

x_refsource_BUGTRAQ

vdb-entry

x_refsource_BID

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.