CVE-2020-36922
Unknown Unknown - Not Provided
Information Disclosure in Sony BRAVIA Digital Signage API Endpoints

Publication date: 2026-01-06

Last updated on: 2026-01-06

Assigner: VulnCheck

Description
Sony BRAVIA Digital Signage 1.7.8 contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive system details through API endpoints. Attackers can retrieve network interface information, server configurations, and system metadata by sending requests to the exposed system API.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-06
Last Modified
2026-01-06
Generated
2026-06-16
AI Q&A
2026-01-06
EPSS Evaluated
2026-06-15
NVD
CVE-2020-36922
EUVD
EUVD-2026-1017
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
sony bravia_digital_signage to 1.7.8 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-497 The product does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the product does.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2020-36922 is an information disclosure vulnerability in Sony BRAVIA Digital Signage version 1.7.8 and earlier. It allows unauthenticated attackers to access sensitive system information by exploiting exposed system API endpoints. Attackers can retrieve network interface details, server configurations, system metadata, and other sensitive information without any authentication or privileges. This flaw enables attackers to gather internal system details remotely, which could facilitate further attacks or reconnaissance on the affected devices. [2, 4, 5, 6]

Impact Analysis

This vulnerability can impact you by allowing unauthenticated remote attackers to access sensitive system information such as network interface configurations (IP addresses, MAC addresses), server time, operating system details, and device version information. Exposure of this information can aid attackers in conducting further targeted attacks or reconnaissance against your Sony BRAVIA Digital Signage devices, potentially compromising your network security and operational integrity. [2, 4, 5, 6]

Detection Guidance

This vulnerability can be detected by sending unauthenticated requests to the exposed system API endpoints of the Sony BRAVIA Digital Signage device. For example, using a curl command to query the system API endpoint such as `curl http://<device-ip>:8080/api/system` can reveal sensitive system information including application version, network interface configurations, server time, operating system, and host IP address. Monitoring for such API requests or unexpected responses from these endpoints can help detect exploitation attempts. [6]

Mitigation Strategies

Immediate mitigation steps include restricting network access to the affected Sony BRAVIA Digital Signage devices to trusted users only, such as by implementing network segmentation or firewall rules to block unauthorized access to the device's API endpoints. Additionally, monitor network traffic for suspicious API requests and consider disabling or limiting access to the vulnerable API if possible. Since the vulnerability is due to unauthenticated access to system APIs, controlling access is critical. Checking for and applying any available firmware updates or patches from Sony is also recommended, although no specific patch information is provided in the resources. [2, 4, 6]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2020-36922. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart