Access Control Flaw in Sony Photo Sharing Plus for Smart TVs
CVE-2019-10886

5.9MEDIUM

Key Information:

Vendor

Sony

Status
Photo Sharing Plus
Vendor
CVE Published:
19 April 2019

What is CVE-2019-10886?

A vulnerability exists in the Sony Photo Sharing Plus application that permits unauthorized access to files over HTTP. This issue affects firmware versions before PKG6.5629 on certain Sony TVs, allowing attackers to access directories and read files without authentication when the Photo Sharing Plus application is active. This could lead to a potential compromise of personal data within a private network.

References

http://seclists.org/fulldisclosure/2019/Apr/32
mailing-listx_refsource_FULLDISC
http://packetstormsecurity.com/files/152612/Sony-Smart-TV...
x_refsource_MISC
https://www.sony.com/electronics/support/downloads/00016043
x_refsource_CONFIRM

CVSS V3.1

Score:
5.9
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.