CVE-2019-11336 - Vulnerability Details

Description

Sony Bravia Smart TV devices allow remote attackers to retrieve the static Wi-Fi password (used when the TV is acting as an access point) by using the Photo Sharing Plus application to execute a backdoor API command, a different vulnerability than CVE-2019-10886.

Published: 2019-05-14

Score: 8.1 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

n/a

affected

Version	Status	Constraints
`n/a`	affected	—

Configuration 1 [-]

AND

cpe:2.3:a:sony:photo_sharing_plus:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:sony:kdl-50w800c:-:::::::*
	cpe:2.3:h:sony:kdl-50w805c:-:::::::*
	cpe:2.3:h:sony:kdl-50w807c:-:::::::*
	cpe:2.3:h:sony:kdl-50w809c:-:::::::*
	cpe:2.3:h:sony:kdl-50w820c:-:::::::*
	cpe:2.3:h:sony:kdl-55w800c:-:::::::*
	cpe:2.3:h:sony:kdl-55w805c:-:::::::*
	cpe:2.3:h:sony:kdl-65w850c:-:::::::*
	cpe:2.3:h:sony:kdl-65w855c:-:::::::*
	cpe:2.3:h:sony:kdl-65w857c:-:::::::*
	cpe:2.3:h:sony:kdl-75w850c:-:::::::*
	cpe:2.3:h:sony:kdl-75w855c:-:::::::*
	cpe:2.3:h:sony:x7500d:-:::::::*
	cpe:2.3:h:sony:xbr-100z9d:-:::::::*
	cpe:2.3:h:sony:xbr-43x800d:-:::::::*
	cpe:2.3:h:sony:xbr-43x800e:-:::::::*
	cpe:2.3:h:sony:xbr-43x830c:-:::::::*
	cpe:2.3:h:sony:xbr-49x700d:-:::::::*
	cpe:2.3:h:sony:xbr-49x800c:-:::::::*
	cpe:2.3:h:sony:xbr-49x800d:-:::::::*
	cpe:2.3:h:sony:xbr-49x800e:-:::::::*
	cpe:2.3:h:sony:xbr-49x830c:-:::::::*
	cpe:2.3:h:sony:xbr-49x835c:-:::::::*
	cpe:2.3:h:sony:xbr-49x835d:-:::::::*
	cpe:2.3:h:sony:xbr-49x837c:-:::::::*
	cpe:2.3:h:sony:xbr-49x839c:-:::::::*
	cpe:2.3:h:sony:xbr-49x900e:-:::::::*
	cpe:2.3:h:sony:xbr-55a1e:-:::::::*
	cpe:2.3:h:sony:xbr-55x700d:-:::::::*
	cpe:2.3:h:sony:xbr-55x800e:-:::::::*
	cpe:2.3:h:sony:xbr-55x805c:-:::::::*
	cpe:2.3:h:sony:xbr-55x806e:-:::::::*
	cpe:2.3:h:sony:xbr-55x807c:-:::::::*
	cpe:2.3:h:sony:xbr-55x809c:-:::::::*
	cpe:2.3:h:sony:xbr-55x810c:-:::::::*
	cpe:2.3:h:sony:xbr-55x850c:-:::::::*
	cpe:2.3:h:sony:xbr-55x850d:-:::::::*
	cpe:2.3:h:sony:xbr-55x855c:-:::::::*
	cpe:2.3:h:sony:xbr-55x855d:-:::::::*
	cpe:2.3:h:sony:xbr-55x857c:-:::::::*
	cpe:2.3:h:sony:xbr-55x857d:-:::::::*
	cpe:2.3:h:sony:xbr-55x900c:-:::::::*
	cpe:2.3:h:sony:xbr-55x900e:-:::::::*
	cpe:2.3:h:sony:xbr-55x905c:-:::::::*
	cpe:2.3:h:sony:xbr-55x907c:-:::::::*
	cpe:2.3:h:sony:xbr-55x930d:-:::::::*
	cpe:2.3:h:sony:xbr-55x930e:-:::::::*
	cpe:2.3:h:sony:xbr-65a1e:-:::::::*
	cpe:2.3:h:sony:xbr-65x750d:-:::::::*
	cpe:2.3:h:sony:xbr-65x800c:-:::::::*
	cpe:2.3:h:sony:xbr-65x805c:-:::::::*
	cpe:2.3:h:sony:xbr-65x807c:-:::::::*
	cpe:2.3:h:sony:xbr-65x809c:-:::::::*
	cpe:2.3:h:sony:xbr-65x810c:-:::::::*
	cpe:2.3:h:sony:xbr-65x850c:-:::::::*
	cpe:2.3:h:sony:xbr-65x850d:-:::::::*
	cpe:2.3:h:sony:xbr-65x850e:-:::::::*
	cpe:2.3:h:sony:xbr-65x855c:-:::::::*
	cpe:2.3:h:sony:xbr-65x855d:-:::::::*
	cpe:2.3:h:sony:xbr-65x857c:-:::::::*
	cpe:2.3:h:sony:xbr-65x857d:-:::::::*
	cpe:2.3:h:sony:xbr-65x900c:-:::::::*
	cpe:2.3:h:sony:xbr-65x900e:-:::::::*
	cpe:2.3:h:sony:xbr-65x905c:-:::::::*
cpe:2.3:h:sony:xbr-65x907c:-:::::::*
cpe:2.3:h:sony:xbr-65x930c:-:::::::*
cpe:2.3:h:sony:xbr-65x930d:-:::::::*
cpe:2.3:h:sony:xbr-65x930e:-:::::::*
cpe:2.3:h:sony:xbr-65x935d:-:::::::*
cpe:2.3:h:sony:xbr-65x937d:-:::::::*
cpe:2.3:h:sony:xbr-65z9d:-:::::::*
cpe:2.3:h:sony:xbr-75x850c:-:::::::*
cpe:2.3:h:sony:xbr-75x850d:-:::::::*
cpe:2.3:h:sony:xbr-75x850e:-:::::::*
cpe:2.3:h:sony:xbr-75x855c:-:::::::*
cpe:2.3:h:sony:xbr-75x855d:-:::::::*
cpe:2.3:h:sony:xbr-75x857d:-:::::::*
cpe:2.3:h:sony:xbr-75x900e:-:::::::*
cpe:2.3:h:sony:xbr-75x910c:-:::::::*
cpe:2.3:h:sony:xbr-75x940c:-:::::::*
cpe:2.3:h:sony:xbr-75x940d:-:::::::*
cpe:2.3:h:sony:xbr-75x940e:-:::::::*
cpe:2.3:h:sony:xbr-75x945c:-:::::::*
cpe:2.3:h:sony:xbr-75z9d:-:::::::*
cpe:2.3:h:sony:xbr-77a1e:-:::::::*
cpe:2.3:h:sony:xbr-85x850d:-:::::::*
cpe:2.3:h:sony:xbr-85x855d:-:::::::*
cpe:2.3:h:sony:xbr-85x857d:-:::::::*

No data.

No data available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2019-3017	Sony Bravia Smart TV devices allow remote attackers to retrieve the static Wi-Fi password (used when the TV is acting as an access point) by using the Photo Sharing Plus application to execute a backdoor API command, a different vulnerability than CVE-2019-10886.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.00583.

Key SSVC decision points have not yet been added.

References

Link	Providers
http://packetstormsecurity.com/files/152612/Sony-Smart-TV-Information-Disclosure-File-Read.html
http://seclists.org/fulldisclosure/2019/Apr/32
http://www.securityfocus.com/bid/108072
https://seclists.org/bugtraq/2019/Apr/34
https://www.darkmatter.ae/xen1thlabs/sony-smart-tv-photo-sharing-plus-information-disclosure-vulnerability-xl-19-003/

History

No history.

Subscriptions

Sony Kdl-50w800c Kdl-50w805c Kdl-50w807c Kdl-50w809c Kdl-50w820c Kdl-55w800c Kdl-55w805c Kdl-65w850c Kdl-65w855c Kdl-65w857c Kdl-75w850c Kdl-75w855c Photo Sharing Plus X7500d Xbr-100z9d Xbr-43x800d Xbr-43x800e Xbr-43x830c Xbr-49x700d Xbr-49x800c Xbr-49x800d Xbr-49x800e Xbr-49x830c Xbr-49x835c Xbr-49x835d Xbr-49x837c Xbr-49x839c Xbr-49x900e Xbr-55a1e Xbr-55x700d Xbr-55x800e Xbr-55x805c Xbr-55x806e Xbr-55x807c Xbr-55x809c Xbr-55x810c Xbr-55x850c Xbr-55x850d Xbr-55x855c Xbr-55x855d Xbr-55x857c Xbr-55x857d Xbr-55x900c Xbr-55x900e Xbr-55x905c Xbr-55x907c Xbr-55x930d Xbr-55x930e Xbr-65a1e Xbr-65x750d Xbr-65x800c Xbr-65x805c Xbr-65x807c Xbr-65x809c Xbr-65x810c Xbr-65x850c Xbr-65x850d Xbr-65x850e Xbr-65x855c Xbr-65x855d Xbr-65x857c Xbr-65x857d Xbr-65x900c Xbr-65x900e Xbr-65x905c Xbr-65x907c Xbr-65x930c Xbr-65x930d Xbr-65x930e Xbr-65x935d Xbr-65x937d Xbr-65z9d Xbr-75x850c Xbr-75x850d Xbr-75x850e Xbr-75x855c Xbr-75x855d Xbr-75x857d Xbr-75x900e Xbr-75x910c Xbr-75x940c Xbr-75x940d Xbr-75x940e Xbr-75x945c Xbr-75z9d Xbr-77a1e Xbr-85x850d Xbr-85x855d Xbr-85x857d

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2019-05-14T13:57:24.000Z

Updated: 2024-08-04T22:48:09.177Z

Reserved: 2019-04-18T00:00:00.000Z

Link: CVE-2019-11336

Vulnrichment

No data.

NVD

Status : Modified

Published: 2019-05-14T14:29:00.227

Modified: 2024-11-21T04:20:54.450

Link: CVE-2019-11336

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-532

Tracking

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object