CVE-2019-11336 - OpenCVE

Sony Bravia Smart TV devices allow remote attackers to retrieve the static Wi-Fi password (used when the TV is acting as an access point) by using the Photo Sharing Plus application to execute a backdoor API command, a different vulnerability than CVE-2019-10886.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:M/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Sony	Kdl-50w800c Kdl-50w805c Kdl-50w807c Kdl-50w809c Kdl-50w820c Kdl-55w800c Kdl-55w805c Kdl-65w850c Kdl-65w855c Kdl-65w857c Kdl-75w850c Kdl-75w855c Photo Sharing Plus X7500d Xbr-100z9d Xbr-43x800d Xbr-43x800e Xbr-43x830c Xbr-49x700d Xbr-49x800c Xbr-49x800d Xbr-49x800e Xbr-49x830c Xbr-49x835c Xbr-49x835d Xbr-49x837c Xbr-49x839c Xbr-49x900e Xbr-55a1e Xbr-55x700d Xbr-55x800e Xbr-55x805c Xbr-55x806e Xbr-55x807c Xbr-55x809c Xbr-55x810c Xbr-55x850c Xbr-55x850d Xbr-55x855c Xbr-55x855d Xbr-55x857c Xbr-55x857d Xbr-55x900c Xbr-55x900e Xbr-55x905c Xbr-55x907c Xbr-55x930d Xbr-55x930e Xbr-65a1e Xbr-65x750d Xbr-65x800c Xbr-65x805c Xbr-65x807c Xbr-65x809c Xbr-65x810c Xbr-65x850c Xbr-65x850d Xbr-65x850e Xbr-65x855c Xbr-65x855d Xbr-65x857c Xbr-65x857d Xbr-65x900c Xbr-65x900e Xbr-65x905c Xbr-65x907c Xbr-65x930c Xbr-65x930d Xbr-65x930e Xbr-65x935d Xbr-65x937d Xbr-65z9d Xbr-75x850c Xbr-75x850d Xbr-75x850e Xbr-75x855c Xbr-75x855d Xbr-75x857d Xbr-75x900e Xbr-75x910c Xbr-75x940c Xbr-75x940d Xbr-75x940e Xbr-75x945c Xbr-75z9d Xbr-77a1e Xbr-85x850d Xbr-85x855d Xbr-85x857d

Configuration 1 [-]

AND

cpe:2.3:a:sony:photo_sharing_plus:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:sony:kdl-50w800c:-:::::::*
	cpe:2.3:h:sony:kdl-50w805c:-:::::::*
	cpe:2.3:h:sony:kdl-50w807c:-:::::::*
	cpe:2.3:h:sony:kdl-50w809c:-:::::::*
	cpe:2.3:h:sony:kdl-50w820c:-:::::::*
	cpe:2.3:h:sony:kdl-55w800c:-:::::::*
	cpe:2.3:h:sony:kdl-55w805c:-:::::::*
	cpe:2.3:h:sony:kdl-65w850c:-:::::::*
	cpe:2.3:h:sony:kdl-65w855c:-:::::::*
	cpe:2.3:h:sony:kdl-65w857c:-:::::::*
	cpe:2.3:h:sony:kdl-75w850c:-:::::::*
	cpe:2.3:h:sony:kdl-75w855c:-:::::::*
	cpe:2.3:h:sony:x7500d:-:::::::*
	cpe:2.3:h:sony:xbr-100z9d:-:::::::*
	cpe:2.3:h:sony:xbr-43x800d:-:::::::*
	cpe:2.3:h:sony:xbr-43x800e:-:::::::*
	cpe:2.3:h:sony:xbr-43x830c:-:::::::*
	cpe:2.3:h:sony:xbr-49x700d:-:::::::*
	cpe:2.3:h:sony:xbr-49x800c:-:::::::*
	cpe:2.3:h:sony:xbr-49x800d:-:::::::*
	cpe:2.3:h:sony:xbr-49x800e:-:::::::*
	cpe:2.3:h:sony:xbr-49x830c:-:::::::*
	cpe:2.3:h:sony:xbr-49x835c:-:::::::*
	cpe:2.3:h:sony:xbr-49x835d:-:::::::*
	cpe:2.3:h:sony:xbr-49x837c:-:::::::*
	cpe:2.3:h:sony:xbr-49x839c:-:::::::*
	cpe:2.3:h:sony:xbr-49x900e:-:::::::*
	cpe:2.3:h:sony:xbr-55a1e:-:::::::*
	cpe:2.3:h:sony:xbr-55x700d:-:::::::*
	cpe:2.3:h:sony:xbr-55x800e:-:::::::*
	cpe:2.3:h:sony:xbr-55x805c:-:::::::*
	cpe:2.3:h:sony:xbr-55x806e:-:::::::*
	cpe:2.3:h:sony:xbr-55x807c:-:::::::*
	cpe:2.3:h:sony:xbr-55x809c:-:::::::*
	cpe:2.3:h:sony:xbr-55x810c:-:::::::*
	cpe:2.3:h:sony:xbr-55x850c:-:::::::*
	cpe:2.3:h:sony:xbr-55x850d:-:::::::*
	cpe:2.3:h:sony:xbr-55x855c:-:::::::*
	cpe:2.3:h:sony:xbr-55x855d:-:::::::*
	cpe:2.3:h:sony:xbr-55x857c:-:::::::*
	cpe:2.3:h:sony:xbr-55x857d:-:::::::*
	cpe:2.3:h:sony:xbr-55x900c:-:::::::*
	cpe:2.3:h:sony:xbr-55x900e:-:::::::*
	cpe:2.3:h:sony:xbr-55x905c:-:::::::*
	cpe:2.3:h:sony:xbr-55x907c:-:::::::*
	cpe:2.3:h:sony:xbr-55x930d:-:::::::*
	cpe:2.3:h:sony:xbr-55x930e:-:::::::*
	cpe:2.3:h:sony:xbr-65a1e:-:::::::*
	cpe:2.3:h:sony:xbr-65x750d:-:::::::*
	cpe:2.3:h:sony:xbr-65x800c:-:::::::*
	cpe:2.3:h:sony:xbr-65x805c:-:::::::*
	cpe:2.3:h:sony:xbr-65x807c:-:::::::*
	cpe:2.3:h:sony:xbr-65x809c:-:::::::*
	cpe:2.3:h:sony:xbr-65x810c:-:::::::*
	cpe:2.3:h:sony:xbr-65x850c:-:::::::*
	cpe:2.3:h:sony:xbr-65x850d:-:::::::*
	cpe:2.3:h:sony:xbr-65x850e:-:::::::*
	cpe:2.3:h:sony:xbr-65x855c:-:::::::*
	cpe:2.3:h:sony:xbr-65x855d:-:::::::*
	cpe:2.3:h:sony:xbr-65x857c:-:::::::*
	cpe:2.3:h:sony:xbr-65x857d:-:::::::*
	cpe:2.3:h:sony:xbr-65x900c:-:::::::*
	cpe:2.3:h:sony:xbr-65x900e:-:::::::*
	cpe:2.3:h:sony:xbr-65x905c:-:::::::*
cpe:2.3:h:sony:xbr-65x907c:-:::::::*
cpe:2.3:h:sony:xbr-65x930c:-:::::::*
cpe:2.3:h:sony:xbr-65x930d:-:::::::*
cpe:2.3:h:sony:xbr-65x930e:-:::::::*
cpe:2.3:h:sony:xbr-65x935d:-:::::::*
cpe:2.3:h:sony:xbr-65x937d:-:::::::*
cpe:2.3:h:sony:xbr-65z9d:-:::::::*
cpe:2.3:h:sony:xbr-75x850c:-:::::::*
cpe:2.3:h:sony:xbr-75x850d:-:::::::*
cpe:2.3:h:sony:xbr-75x850e:-:::::::*
cpe:2.3:h:sony:xbr-75x855c:-:::::::*
cpe:2.3:h:sony:xbr-75x855d:-:::::::*
cpe:2.3:h:sony:xbr-75x857d:-:::::::*
cpe:2.3:h:sony:xbr-75x900e:-:::::::*
cpe:2.3:h:sony:xbr-75x910c:-:::::::*
cpe:2.3:h:sony:xbr-75x940c:-:::::::*
cpe:2.3:h:sony:xbr-75x940d:-:::::::*
cpe:2.3:h:sony:xbr-75x940e:-:::::::*
cpe:2.3:h:sony:xbr-75x945c:-:::::::*
cpe:2.3:h:sony:xbr-75z9d:-:::::::*
cpe:2.3:h:sony:xbr-77a1e:-:::::::*
cpe:2.3:h:sony:xbr-85x850d:-:::::::*
cpe:2.3:h:sony:xbr-85x855d:-:::::::*
cpe:2.3:h:sony:xbr-85x857d:-:::::::*

No data.

References

Link	Providers
http://packetstormsecurity.com/files/152612/Sony-Smart-TV-Information-Disclosure-File-Read.html
http://seclists.org/fulldisclosure/2019/Apr/32
http://www.securityfocus.com/bid/108072
https://seclists.org/bugtraq/2019/Apr/34
https://www.darkmatter.ae/xen1thlabs/sony-smart-tv-photo-sharing-plus-information-disclosure-vulnerability-xl-19-003/

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2019-05-14T13:57:24

Updated: 2024-08-04T22:48:09.177Z

Reserved: 2019-04-18T00:00:00

Link: CVE-2019-11336

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2019-05-14T14:29:00.227

Modified: 2019-05-21T11:56:07.143

Link: CVE-2019-11336

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object