CVE-2020-36922

medium

Description

Sony BRAVIA Digital Signage 1.7.8 contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive system details through API endpoints. Attackers can retrieve network interface information, server configurations, and system metadata by sending requests to the exposed system API.

References

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5610.php

https://www.vulncheck.com/advisories/sony-bravia-digital-signage-unauthenticated-system-api-information-disclosure

https://www.exploit-db.com/exploits/49187

https://pro.sony/ue_US/products/display-software

https://pro-bravia.sony.net/resources/software/bravia-signage/

https://pro-bravia.sony.net

https://packetstorm.news/files/id/160343

https://exchange.xforce.ibmcloud.com/vulnerabilities/192606

https://cxsecurity.com/issue/WLB-2020120028

Details

Source: Mitre, NVD

Published: 2026-01-06

Updated: 2026-01-08

Risk Information

CVSS v2

Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N

Severity: High

CVSS v3

Base Score: 7.5

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: High

CVSS v4

Base Score: 6.9

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Severity: Medium

EPSS

EPSS: 0.00082