{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2020-36922","assignerOrgId":"83251b91-4cc7-4094-a5c7-464a1b83ea10","state":"PUBLISHED","assignerShortName":"VulnCheck","dateReserved":"2026-01-03T14:10:13.302Z","datePublished":"2026-01-06T15:52:27.136Z","dateUpdated":"2026-01-06T18:24:00.626Z"},"containers":{"cna":{"providerMetadata":{"orgId":"83251b91-4cc7-4094-a5c7-464a1b83ea10","shortName":"VulnCheck","dateUpdated":"2026-01-06T15:52:27.136Z"},"datePublic":"2020-09-20T00:00:00.000Z","title":"Sony BRAVIA Digital Signage 1.7.8 Unauthenticated System API Information Disclosure","descriptions":[{"lang":"en","value":"Sony BRAVIA Digital Signage 1.7.8 contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive system details through API endpoints. Attackers can retrieve network interface information, server configurations, and system metadata by sending requests to the exposed system API."}],"problemTypes":[{"descriptions":[{"lang":"en","description":"Exposure of Sensitive System Information to an Unauthorized Control Sphere","cweId":"CWE-497","type":"CWE"}]}],"affected":[{"vendor":"Pro-Bravia","product":"Sony BRAVIA Digital Signage","versions":[{"version":"0","status":"affected","versionType":"custom","lessThanOrEqual":"1.7.8"}]}],"metrics":[{"cvssV4_0":{"Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","Safety":"NOT_DEFINED","attackComplexity":"LOW","attackRequirements":"NONE","attackVector":"NETWORK","baseScore":6.9,"baseSeverity":"MEDIUM","exploitMaturity":"NOT_DEFINED","privilegesRequired":"NONE","providerUrgency":"NOT_DEFINED","subAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","userInteraction":"NONE","valueDensity":"NOT_DEFINED","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N","version":"4.0","vulnAvailabilityImpact":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnerabilityResponseEffort":"NOT_DEFINED"},"format":"CVSS"},{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":7.5,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","version":"3.1"},"format":"CVSS"}],"references":[{"url":"https://www.exploit-db.com/exploits/49187","name":"ExploitDB-49187","tags":["exploit"]},{"url":"https://pro-bravia.sony.net","name":"Sony BRAVIA Digital Signage Official Homepage","tags":["product"]},{"url":"https://pro-bravia.sony.net/resources/software/bravia-signage/","name":"BRAVIA Signage Software Resources","tags":["product"]},{"url":"https://pro.sony/ue_US/products/display-software","name":"Sony Professional Display Software Product Page","tags":["product"]},{"url":"https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5610.php","name":"Zero Science Lab Disclosure (ZSL-2020-5610)","tags":["third-party-advisory"]},{"url":"https://packetstorm.news/files/id/160343","name":"Packet Storm Security Exploit Entry","tags":["exploit"]},{"url":"https://cxsecurity.com/issue/WLB-2020120028","name":"CXSecurity Vulnerability Database","tags":["exploit"]},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/192606","name":"IBM X-Force Vulnerability Exchange","tags":["vdb-entry"]},{"name":"VulnCheck Advisory: Sony BRAVIA Digital Signage 1.7.8 Unauthenticated System API Information Disclosure","tags":["third-party-advisory"],"url":"https://www.vulncheck.com/advisories/sony-bravia-digital-signage-unauthenticated-system-api-information-disclosure"}],"credits":[{"lang":"en","value":"LiquidWorm as Gjoko Krstic of Zero Science Lab","type":"finder"}],"x_generator":{"engine":"vulncheck"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2026-01-06T18:23:14.999522Z","id":"CVE-2020-36922","options":[{"Exploitation":"poc"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-01-06T18:24:00.626Z"}}]}}