CVE-2020-5589

Published: Jun 9, 2020Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

SONY Wireless Headphones WF-1000X, WF-SP700N, WH-1000XM2, WH-1000XM3, WH-CH700N, WH-H900N, WH-XB700, WH-XB900N, WI-1000X, WI-C600N and WI-SP600N with firmware versions prior to 4.5.2 have vulnerability that someone within the Bluetooth range can make the Bluetooth pairing and operate such as changing volume of the product.

Affected (11)

Products: Sony: Wf 1000x Firmware, Wf Sp700n Firmware, Wh 1000xm2 Firmware, Wh 1000xm3 Firmware, Wh Ch700n Firmware, Wh H900n Firmware, Wh Xb700 Firmware, Wh Xb900n Firmware, Wi 1000x Firmware, Wi C600n Firmware, Wi Sp600n Firmware

11 products

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Sony Wf 1000x Firmware	All versions

Running on/with	Platform Versions
Sony Wf 1000x	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Sony Wf Sp700n Firmware	All versions

Running on/with	Platform Versions
Sony Wf Sp700n	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Sony Wh 1000xm2 Firmware	All versions

Running on/with	Platform Versions
Sony Wh 1000xm2	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Sony Wh 1000xm3 Firmware	All versions

Running on/with	Platform Versions
Sony Wh 1000xm3	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Sony Wh Ch700n Firmware	All versions

Running on/with	Platform Versions
Sony Wh Ch700n	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Sony Wh H900n Firmware	All versions

Running on/with	Platform Versions
Sony Wh H900n	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Sony Wh Xb700 Firmware	All versions

Running on/with	Platform Versions
Sony Wh Xb700	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Sony Wh Xb900n Firmware	All versions

Running on/with	Platform Versions
Sony Wh Xb900n	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Sony Wi 1000x Firmware	All versions

Running on/with	Platform Versions
Sony Wi 1000x	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Sony Wi C600n Firmware	All versions

Running on/with	Platform Versions
Sony Wi C600n	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Sony Wi Sp600n Firmware	All versions

Running on/with	Platform Versions
Sony Wi Sp600n	All versions

Related CWEs

CWE-306

Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

References (4)

https://jvn.jp/en/jp/JVN67447798/

Source: vultures@jpcert.or.jp

Third Party Advisory

https://www.sony.com/electronics/support/audio-video-headphones

Source: vultures@jpcert.or.jp

Vendor Advisory

https://jvn.jp/en/jp/JVN67447798/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.sony.com/electronics/support/audio-video-headphones

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.