Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
2 vulnerabilities by Pro-Bravia
CVE-2020-36924 (GCVE-0-2020-36924)
Vulnerability from cvelistv5 – Published: 2026-01-06 15:52 – Updated: 2026-01-26 15:55
VLAI
Title
Sony BRAVIA Digital Signage 1.7.8 Unauthenticated Remote File Inclusion
Summary
Sony BRAVIA Digital Signage 1.7.8 contains a remote file inclusion vulnerability that allows attackers to inject arbitrary client-side scripts through the content material URL parameter. Attackers can exploit this vulnerability to hijack user sessions, execute cross-site scripting code, and modify display content by manipulating the input material type.
Severity
6.1 (Medium)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-829 - Inclusion of Functionality from Untrusted Control Sphere
Assigner
References
9 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/49186 | exploit |
| https://pro-bravia.sony.net | product |
| https://pro-bravia.sony.net/resources/software/br… | product |
| https://pro.sony/ue_US/products/display-software | product |
| https://www.zeroscience.mk/en/vulnerabilities/ZSL… | third-party-advisory |
| https://packetstorm.news/files/id/160345 | exploit |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entry |
| https://cxsecurity.com/issue/WLB-2020120030 | exploit |
| https://www.vulncheck.com/advisories/sony-bravia-… | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Pro-Bravia | Sony BRAVIA Digital Signage |
Affected:
0 , ≤ 1.7.8
(custom)
|
Date Public
2020-09-20 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-36924",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-06T18:19:38.002512Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-06T18:20:29.914Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Sony BRAVIA Digital Signage",
"vendor": "Pro-Bravia",
"versions": [
{
"lessThanOrEqual": "1.7.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "LiquidWorm as Gjoko Krstic of Zero Science Lab"
}
],
"datePublic": "2020-09-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Sony BRAVIA Digital Signage 1.7.8 contains a remote file inclusion vulnerability that allows attackers to inject arbitrary client-side scripts through the content material URL parameter. Attackers can exploit this vulnerability to hijack user sessions, execute cross-site scripting code, and modify display content by manipulating the input material type."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-829",
"description": "Inclusion of Functionality from Untrusted Control Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-26T15:55:01.315Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-49186",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/49186"
},
{
"name": "Sony BRAVIA Digital Signage Product Homepage",
"tags": [
"product"
],
"url": "https://pro-bravia.sony.net"
},
{
"name": "BRAVIA Signage Software Resources",
"tags": [
"product"
],
"url": "https://pro-bravia.sony.net/resources/software/bravia-signage/"
},
{
"name": "Sony Professional Display Software Product Page",
"tags": [
"product"
],
"url": "https://pro.sony/ue_US/products/display-software"
},
{
"name": "Zero Science Lab Disclosure (ZSL-2020-5612)",
"tags": [
"third-party-advisory"
],
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5612.php"
},
{
"name": "Packet Storm Security Exploit Archive",
"tags": [
"exploit"
],
"url": "https://packetstorm.news/files/id/160345"
},
{
"name": "IBM X-Force Exchange Vulnerability Entry",
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/192605"
},
{
"name": "CXSecurity Vulnerability Listing",
"tags": [
"exploit"
],
"url": "https://cxsecurity.com/issue/WLB-2020120030"
},
{
"name": "VulnCheck Advisory: Sony BRAVIA Digital Signage 1.7.8 Unauthenticated Remote File Inclusion",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/sony-bravia-digital-signage-unauthenticated-remote-file-inclusion"
}
],
"title": "Sony BRAVIA Digital Signage 1.7.8 Unauthenticated Remote File Inclusion",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2020-36924",
"datePublished": "2026-01-06T15:52:28.074Z",
"dateReserved": "2026-01-03T14:10:13.302Z",
"dateUpdated": "2026-01-26T15:55:01.315Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2020-36922 (GCVE-0-2020-36922)
Vulnerability from cvelistv5 – Published: 2026-01-06 15:52 – Updated: 2026-01-06 18:24
VLAI
Title
Sony BRAVIA Digital Signage 1.7.8 Unauthenticated System API Information Disclosure
Summary
Sony BRAVIA Digital Signage 1.7.8 contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive system details through API endpoints. Attackers can retrieve network interface information, server configurations, and system metadata by sending requests to the exposed system API.
Severity
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-497 - Exposure of Sensitive System Information to an Unauthorized Control Sphere
Assigner
References
9 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/49187 | exploit |
| https://pro-bravia.sony.net | product |
| https://pro-bravia.sony.net/resources/software/br… | product |
| https://pro.sony/ue_US/products/display-software | product |
| https://www.zeroscience.mk/en/vulnerabilities/ZSL… | third-party-advisory |
| https://packetstorm.news/files/id/160343 | exploit |
| https://cxsecurity.com/issue/WLB-2020120028 | exploit |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entry |
| https://www.vulncheck.com/advisories/sony-bravia-… | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Pro-Bravia | Sony BRAVIA Digital Signage |
Affected:
0 , ≤ 1.7.8
(custom)
|
Date Public
2020-09-20 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-36922",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-06T18:23:14.999522Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-06T18:24:00.626Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Sony BRAVIA Digital Signage",
"vendor": "Pro-Bravia",
"versions": [
{
"lessThanOrEqual": "1.7.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "LiquidWorm as Gjoko Krstic of Zero Science Lab"
}
],
"datePublic": "2020-09-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Sony BRAVIA Digital Signage 1.7.8 contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive system details through API endpoints. Attackers can retrieve network interface information, server configurations, and system metadata by sending requests to the exposed system API."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-497",
"description": "Exposure of Sensitive System Information to an Unauthorized Control Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-06T15:52:27.136Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-49187",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/49187"
},
{
"name": "Sony BRAVIA Digital Signage Official Homepage",
"tags": [
"product"
],
"url": "https://pro-bravia.sony.net"
},
{
"name": "BRAVIA Signage Software Resources",
"tags": [
"product"
],
"url": "https://pro-bravia.sony.net/resources/software/bravia-signage/"
},
{
"name": "Sony Professional Display Software Product Page",
"tags": [
"product"
],
"url": "https://pro.sony/ue_US/products/display-software"
},
{
"name": "Zero Science Lab Disclosure (ZSL-2020-5610)",
"tags": [
"third-party-advisory"
],
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5610.php"
},
{
"name": "Packet Storm Security Exploit Entry",
"tags": [
"exploit"
],
"url": "https://packetstorm.news/files/id/160343"
},
{
"name": "CXSecurity Vulnerability Database",
"tags": [
"exploit"
],
"url": "https://cxsecurity.com/issue/WLB-2020120028"
},
{
"name": "IBM X-Force Vulnerability Exchange",
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/192606"
},
{
"name": "VulnCheck Advisory: Sony BRAVIA Digital Signage 1.7.8 Unauthenticated System API Information Disclosure",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/sony-bravia-digital-signage-unauthenticated-system-api-information-disclosure"
}
],
"title": "Sony BRAVIA Digital Signage 1.7.8 Unauthenticated System API Information Disclosure",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2020-36922",
"datePublished": "2026-01-06T15:52:27.136Z",
"dateReserved": "2026-01-03T14:10:13.302Z",
"dateUpdated": "2026-01-06T18:24:00.626Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}