Shell Metacharacter Injection Vulnerability in Sony Bravia TV Photo Sharing Plus
CVE-2018-16593

8.8HIGH

Key Information:

Vendor: Sony
Status: R5c Firmware
Vendor: CVE Published:; 19 June 2019

What is CVE-2018-16593?

The Photo Sharing Plus component within Sony Bravia TVs running version 8.587 is prone to a shell metacharacter injection vulnerability. This issue enables an attacker to inject arbitrary shell commands, potentially compromising the integrity of the affected devices. Users are advised to take necessary precautions to mitigate risks associated with this flaw. For more information, refer to Sony's support articles and security advisories.

References

https://www.sony.co.uk/electronics/support/articles/00201041

x_refsource_MISC

https://fortiguard.com/zeroday/FG-VD-18-036

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 19, 2019
Vulnerability Reserved
Sep 6, 2018