CVE-2019-10886
5.9
Vector
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 2.2 / Impact: 3.6
Source: NVD
Description
An incorrect access control exists in the Sony Photo Sharing Plus application in the firmware before PKG6.5629 version (for the X7500D TV and other applicable TVs). This vulnerability allows an attacker to read arbitrary files without authentication over HTTP when Photo Sharing Plus application is running. This may allow an attacker to browse a particular directory (e.g. images) inside the private network.
Affected (1)
Products: Sony: Photo Sharing Plus
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Before pkg6.5629 |
| Running on/with | Platform Versions |
|---|---|
Sony Kdl 50w800c | All versions |
Sony Kdl 50w805c | All versions |
Sony Kdl 50w807c | All versions |
Sony Kdl 50w809c | All versions |
Sony Kdl 50w820c | All versions |
Sony Kdl 55w800c | All versions |
Sony Kdl 55w805c | All versions |
Sony Kdl 65w850c | All versions |
Sony Kdl 65w855c | All versions |
Sony Kdl 65w857c | All versions |
Sony Kdl 75w850c | All versions |
Sony Kdl 75w855c | All versions |
Sony X7500d | All versions |
Sony Xbr 100z9d | All versions |
Sony Xbr 43x800d | All versions |
Sony Xbr 43x800e | All versions |
Sony Xbr 43x830c | All versions |
Sony Xbr 49x700d | All versions |
Sony Xbr 49x800c | All versions |
Sony Xbr 49x800d | All versions |
Sony Xbr 49x800e | All versions |
Sony Xbr 49x830c | All versions |
Sony Xbr 49x835c | All versions |
Sony Xbr 49x835d | All versions |
Sony Xbr 49x837c | All versions |
Sony Xbr 49x839c | All versions |
Sony Xbr 49x900e | All versions |
Sony Xbr 55a1e | All versions |
Sony Xbr 55x700d | All versions |
Sony Xbr 55x800e | All versions |
Sony Xbr 55x805c | All versions |
Sony Xbr 55x806e | All versions |
Sony Xbr 55x807c | All versions |
Sony Xbr 55x809c | All versions |
Sony Xbr 55x810c | All versions |
Sony Xbr 55x850c | All versions |
Sony Xbr 55x850d | All versions |
Sony Xbr 55x855c | All versions |
Sony Xbr 55x855d | All versions |
Sony Xbr 55x857c | All versions |
Sony Xbr 55x857d | All versions |
Sony Xbr 55x900c | All versions |
Sony Xbr 55x900e | All versions |
Sony Xbr 55x905c | All versions |
Sony Xbr 55x907c | All versions |
Sony Xbr 55x930d | All versions |
Sony Xbr 55x930e | All versions |
Sony Xbr 65a1e | All versions |
Sony Xbr 65x750d | All versions |
Sony Xbr 65x800c | All versions |
Sony Xbr 65x805c | All versions |
Sony Xbr 65x807c | All versions |
Sony Xbr 65x809c | All versions |
Sony Xbr 65x810c | All versions |
Sony Xbr 65x850c | All versions |
Sony Xbr 65x850d | All versions |
Sony Xbr 65x850e | All versions |
Sony Xbr 65x855c | All versions |
Sony Xbr 65x855d | All versions |
Sony Xbr 65x857c | All versions |
Sony Xbr 65x857d | All versions |
Sony Xbr 65x900c | All versions |
Sony Xbr 65x900e | All versions |
Sony Xbr 65x905c | All versions |
Sony Xbr 65x907c | All versions |
Sony Xbr 65x930c | All versions |
Sony Xbr 65x930d | All versions |
Sony Xbr 65x930e | All versions |
Sony Xbr 65x935d | All versions |
Sony Xbr 65x937d | All versions |
Sony Xbr 65z9d | All versions |
Sony Xbr 75x850c | All versions |
Sony Xbr 75x850d | All versions |
Sony Xbr 75x850e | All versions |
Sony Xbr 75x855c | All versions |
Sony Xbr 75x855d | All versions |
Sony Xbr 75x857d | All versions |
Sony Xbr 75x900e | All versions |
Sony Xbr 75x910c | All versions |
Sony Xbr 75x940c | All versions |
Sony Xbr 75x940d | All versions |
Sony Xbr 75x940e | All versions |
Sony Xbr 75x945c | All versions |
Sony Xbr 75z9d | All versions |
Sony Xbr 77a1e | All versions |
Sony Xbr 85x850d | All versions |
Sony Xbr 85x855d | All versions |
Sony Xbr 85x857d | All versions |
References (10)
Source: cve@mitre.org
Third Party AdvisoryVDB Entry
Source: cve@mitre.org
ExploitMailing ListThird Party Advisory
Source: cve@mitre.org
ExploitVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitMailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitVendor Advisory
Timeline
No history available yet.