CVE-2019-10886 - OpenCVE

An incorrect access control exists in the Sony Photo Sharing Plus application in the firmware before PKG6.5629 version (for the X7500D TV and other applicable TVs). This vulnerability allows an attacker to read arbitrary files without authentication over HTTP when Photo Sharing Plus application is running. This may allow an attacker to browse a particular directory (e.g. images) inside the private network.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:M/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Sony	Kdl-50w800c Kdl-50w805c Kdl-50w807c Kdl-50w809c Kdl-50w820c Kdl-55w800c Kdl-55w805c Kdl-65w850c Kdl-65w855c Kdl-65w857c Kdl-75w850c Kdl-75w855c Photo Sharing Plus X7500d Xbr-100z9d Xbr-43x800d Xbr-43x800e Xbr-43x830c Xbr-49x700d Xbr-49x800c Xbr-49x800d Xbr-49x800e Xbr-49x830c Xbr-49x835c Xbr-49x835d Xbr-49x837c Xbr-49x839c Xbr-49x900e Xbr-55a1e Xbr-55x700d Xbr-55x800e Xbr-55x805c Xbr-55x806e Xbr-55x807c Xbr-55x809c Xbr-55x810c Xbr-55x850c Xbr-55x850d Xbr-55x855c Xbr-55x855d Xbr-55x857c Xbr-55x857d Xbr-55x900c Xbr-55x900e Xbr-55x905c Xbr-55x907c Xbr-55x930d Xbr-55x930e Xbr-65a1e Xbr-65x750d Xbr-65x800c Xbr-65x805c Xbr-65x807c Xbr-65x809c Xbr-65x810c Xbr-65x850c Xbr-65x850d Xbr-65x850e Xbr-65x855c Xbr-65x855d Xbr-65x857c Xbr-65x857d Xbr-65x900c Xbr-65x900e Xbr-65x905c Xbr-65x907c Xbr-65x930c Xbr-65x930d Xbr-65x930e Xbr-65x935d Xbr-65x937d Xbr-65z9d Xbr-75x850c Xbr-75x850d Xbr-75x850e Xbr-75x855c Xbr-75x855d Xbr-75x857d Xbr-75x900e Xbr-75x910c Xbr-75x940c Xbr-75x940d Xbr-75x940e Xbr-75x945c Xbr-75z9d Xbr-77a1e Xbr-85x850d Xbr-85x855d Xbr-85x857d

Configuration 1 [-]

AND

OR	cpe:2.3:h:sony:kdl-50w800c:-:::::::*
	cpe:2.3:h:sony:kdl-50w805c:-:::::::*
	cpe:2.3:h:sony:kdl-50w807c:-:::::::*
	cpe:2.3:h:sony:kdl-50w809c:-:::::::*
	cpe:2.3:h:sony:kdl-50w820c:-:::::::*
	cpe:2.3:h:sony:kdl-55w800c:-:::::::*
	cpe:2.3:h:sony:kdl-55w805c:-:::::::*
	cpe:2.3:h:sony:kdl-65w850c:-:::::::*
	cpe:2.3:h:sony:kdl-65w855c:-:::::::*
	cpe:2.3:h:sony:kdl-65w857c:-:::::::*
	cpe:2.3:h:sony:kdl-75w850c:-:::::::*
	cpe:2.3:h:sony:kdl-75w855c:-:::::::*
	cpe:2.3:h:sony:x7500d:-:::::::*
	cpe:2.3:h:sony:xbr-100z9d:-:::::::*
	cpe:2.3:h:sony:xbr-43x800d:-:::::::*
	cpe:2.3:h:sony:xbr-43x800e:-:::::::*
	cpe:2.3:h:sony:xbr-43x830c:-:::::::*
	cpe:2.3:h:sony:xbr-49x700d:-:::::::*
	cpe:2.3:h:sony:xbr-49x800c:-:::::::*
	cpe:2.3:h:sony:xbr-49x800d:-:::::::*
	cpe:2.3:h:sony:xbr-49x800e:-:::::::*
	cpe:2.3:h:sony:xbr-49x830c:-:::::::*
	cpe:2.3:h:sony:xbr-49x835c:-:::::::*
	cpe:2.3:h:sony:xbr-49x835d:-:::::::*
	cpe:2.3:h:sony:xbr-49x837c:-:::::::*
	cpe:2.3:h:sony:xbr-49x839c:-:::::::*
	cpe:2.3:h:sony:xbr-49x900e:-:::::::*
	cpe:2.3:h:sony:xbr-55a1e:-:::::::*
	cpe:2.3:h:sony:xbr-55x700d:-:::::::*
	cpe:2.3:h:sony:xbr-55x800e:-:::::::*
	cpe:2.3:h:sony:xbr-55x805c:-:::::::*
	cpe:2.3:h:sony:xbr-55x806e:-:::::::*
	cpe:2.3:h:sony:xbr-55x807c:-:::::::*
	cpe:2.3:h:sony:xbr-55x809c:-:::::::*
	cpe:2.3:h:sony:xbr-55x810c:-:::::::*
	cpe:2.3:h:sony:xbr-55x850c:-:::::::*
	cpe:2.3:h:sony:xbr-55x850d:-:::::::*
	cpe:2.3:h:sony:xbr-55x855c:-:::::::*
	cpe:2.3:h:sony:xbr-55x855d:-:::::::*
	cpe:2.3:h:sony:xbr-55x857c:-:::::::*
	cpe:2.3:h:sony:xbr-55x857d:-:::::::*
	cpe:2.3:h:sony:xbr-55x900c:-:::::::*
	cpe:2.3:h:sony:xbr-55x900e:-:::::::*
	cpe:2.3:h:sony:xbr-55x905c:-:::::::*
	cpe:2.3:h:sony:xbr-55x907c:-:::::::*
	cpe:2.3:h:sony:xbr-55x930d:-:::::::*
	cpe:2.3:h:sony:xbr-55x930e:-:::::::*
	cpe:2.3:h:sony:xbr-65a1e:-:::::::*
	cpe:2.3:h:sony:xbr-65x750d:-:::::::*
	cpe:2.3:h:sony:xbr-65x800c:-:::::::*
	cpe:2.3:h:sony:xbr-65x805c:-:::::::*
	cpe:2.3:h:sony:xbr-65x807c:-:::::::*
	cpe:2.3:h:sony:xbr-65x809c:-:::::::*
	cpe:2.3:h:sony:xbr-65x810c:-:::::::*
	cpe:2.3:h:sony:xbr-65x850c:-:::::::*
	cpe:2.3:h:sony:xbr-65x850d:-:::::::*
	cpe:2.3:h:sony:xbr-65x850e:-:::::::*
	cpe:2.3:h:sony:xbr-65x855c:-:::::::*
	cpe:2.3:h:sony:xbr-65x855d:-:::::::*
	cpe:2.3:h:sony:xbr-65x857c:-:::::::*
	cpe:2.3:h:sony:xbr-65x857d:-:::::::*
	cpe:2.3:h:sony:xbr-65x900c:-:::::::*
	cpe:2.3:h:sony:xbr-65x900e:-:::::::*
	cpe:2.3:h:sony:xbr-65x905c:-:::::::*
cpe:2.3:h:sony:xbr-65x907c:-:::::::*
cpe:2.3:h:sony:xbr-65x930c:-:::::::*
cpe:2.3:h:sony:xbr-65x930d:-:::::::*
cpe:2.3:h:sony:xbr-65x930e:-:::::::*
cpe:2.3:h:sony:xbr-65x935d:-:::::::*
cpe:2.3:h:sony:xbr-65x937d:-:::::::*
cpe:2.3:h:sony:xbr-65z9d:-:::::::*
cpe:2.3:h:sony:xbr-75x850c:-:::::::*
cpe:2.3:h:sony:xbr-75x850d:-:::::::*
cpe:2.3:h:sony:xbr-75x850e:-:::::::*
cpe:2.3:h:sony:xbr-75x855c:-:::::::*
cpe:2.3:h:sony:xbr-75x855d:-:::::::*
cpe:2.3:h:sony:xbr-75x857d:-:::::::*
cpe:2.3:h:sony:xbr-75x900e:-:::::::*
cpe:2.3:h:sony:xbr-75x910c:-:::::::*
cpe:2.3:h:sony:xbr-75x940c:-:::::::*
cpe:2.3:h:sony:xbr-75x940d:-:::::::*
cpe:2.3:h:sony:xbr-75x940e:-:::::::*
cpe:2.3:h:sony:xbr-75x945c:-:::::::*
cpe:2.3:h:sony:xbr-75z9d:-:::::::*
cpe:2.3:h:sony:xbr-77a1e:-:::::::*
cpe:2.3:h:sony:xbr-85x850d:-:::::::*
cpe:2.3:h:sony:xbr-85x855d:-:::::::*
cpe:2.3:h:sony:xbr-85x857d:-:::::::*

cpe:2.3:a:sony:photo_sharing_plus:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://packetstormsecurity.com/files/152612/Sony-Smart-TV-Information-Disclosure-File-Read.html
http://seclists.org/fulldisclosure/2019/Apr/32
http://www.securityfocus.com/bid/108072
https://seclists.org/bugtraq/2019/Apr/34
https://www.sony.com/electronics/support/downloads/00016043

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2019-04-19T17:51:49

Updated: 2024-08-04T22:40:14.926Z

Reserved: 2019-04-05T00:00:00

Link: CVE-2019-10886

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2019-04-19T18:29:00.747

Modified: 2020-08-24T17:37:01.140

Link: CVE-2019-10886

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object