Sony BRAVIA Digital Signage 1.7.8 Insecure Direct Object Reference

CVE: CVE-2021-5785
Category: CWE-639
Price: $5,000
Severity: High
Author: Unknown
Risk: High
Exploitation Type: Remote
Date: 2020-12-04
CVSS:4.0/AV:P/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H 0.02192 0.50148

Our sensors found this exploit at:

Below is a copy:

Sony BRAVIA Digital Signage 1.7.8 Client-Side Protection Bypass / IDOR

Vendor: Sony Electronics Inc.
Product web page:
Affected version: <=1.7.8

Summary: Sony's BRAVIA Signage is an application to deliver
video and still images to Pro BRAVIAs and manage the information
via a network. Features include management of displays, power
schedule management, content playlists, scheduled delivery
management, content interrupt, and more. This cost-effective
digital signage management solution is ideal for presenting
attractive, informative visual content in retail spaces and
hotel reception areas, visitor attractions, educational and
corporate environments.

Desc: Insecure direct object references occur when an application
provides direct access to objects based on user-supplied input.
As a result of this vulnerability attackers can bypass authorization
and access the hidden '/#/content-creation' resource in the system.

Tested on: Microsoft Windows Server 2012 R2

Vulnerability discovered by Gjoko 'LiquidWorm' Krstic

Advisory ID: ZSL-2020-5611
Advisory URL:
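
Added example, not part of the advisory and not the vendor's code: a hash route such as '/#/content-creation' exists only in the browser, so hiding it in the client cannot act as authorization; the check has to run on the server for every API call behind the view. The host name, roles, session IDs and API paths below are hypothetical.

```javascript
// Constructed example: hypothetical roles, sessions and API paths.
// Only the '/#/content-creation' route name comes from the advisory.

// What the server receives for a URL: browsers never send the fragment,
// so the server cannot see (or refuse) a hash route.
function requestTargetSeenByServer(url) {
  const u = new URL(url);
  return u.pathname + u.search; // u.hash stays in the browser
}

// Weak pattern: the view is "protected" only by leaving it out of the menu.
const clientMenu = {
  operator: ['/#/playlists'],
  admin: ['/#/playlists', '/#/content-creation'],
};
function clientSideGuard(role, route) {
  // Runs in the user's browser, so the user decides whether it runs at all.
  return clientMenu[role].includes(route);
}

// Hardened pattern: each API call behind the view is authorized on the
// server, using the server-side session rather than anything the client says.
const apiPolicy = new Map([
  ['POST /api/content', new Set(['admin'])],
  ['GET /api/playlists', new Set(['admin', 'operator'])],
]);
const sessions = new Map([
  ['sid-op', { role: 'operator' }],
  ['sid-adm', { role: 'admin' }],
]);

function authorize(sessionId, method, path) {
  const session = sessions.get(sessionId);
  if (!session) return 401;                 // no valid session
  const allowed = apiPolicy.get(`${method} ${path}`);
  if (!allowed) return 404;                 // default deny for unknown endpoints
  return allowed.has(session.role) ? 200 : 403;
}
```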
