Saturday, January 18, 2025
HomeExploitSony Bravia Smart TV Contains Multiple Critical Vulnerabilities That Allows Attacker Exploit...

Sony Bravia Smart TV Contains Multiple Critical Vulnerabilities That Allows Attacker Exploit Remotely Without Authentication

Published on

SIEM as a Service

Follow Us on Google News

Researchers discovered Multiple critical vulnerabilities in Sony Bravia smart TV that allows an attacker to control it remotely who all are connected within the local network.

Smart TV’s are nowadays most essential home appliances and its estimated almost  760 million of them now connected globally.

Cybercriminals already switching to target the  IoT devices and exploits the various connected devices especially home-based devices such as Smart TV.

Security researchers from Fortinet analyzed the Bravia Smart TV devices and found multiples critical vulnerabilities.

Sony Bravia Smart TV Vulnerabilities Details

Following vulnerabilities are found in Sony Bravia Smart TV that allows the remote attacker to exploit the locally connected users.

1.Stack Buffer Overflow – CVE-2018-16595

A high severity memory corruption vulnerability that results from insufficient size checking of user input.

With a long enough HTTP POST request sent to the corresponding URL, the application will crash.

In this case, Fortinet previously released IPS signature for this critical  Sony.SmartTV.Stack.Buffer.Overflow for this specific vulnerability to proactively protect our customers.

2.Directory Traversal – CVE-2018-16594 

According to Fortinet, The application handles file names incorrectly when receiving a user’s input file via uploading a URL. An attacker can upload an arbitrary file with a crafted file name (e.g.: ../../) that can then traverse the whole filesystem.

  • This vulnerability category under high severity vulnerability.

3.Command Injection – CVE-2018-16593

When we upload the media file, the application handles file names incorrectly which leads to attacker run arbitrary commands on the system by abuse filename mishandling.

Also, these vulnerabilities allow an attacker to gain remote code execution with root privilege.

Also Read:

Cisco Released Security Updates & Fixed 37 Vulnerabilities that Affected Cisco Products

Mozilla Firefox Releases 62.0.3 & Security Updates for 2 High Critical Vulnerabilities

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Hackers Easily Bypass Active Directory Group Policy to Allow Vulnerable NTLMv1 Auth Protocol

Researchers have discovered a critical flaw in Active Directory’s NTLMv1 mitigation strategy, where misconfigured...

AWS Warns of Multiple Vulnerabilities in Amazon WorkSpaces, Amazon AppStream 2.0, & Amazon DCV

Amazon Web Services (AWS) has issued a critical security advisory highlighting vulnerabilities in specific...

FlowerStorm PaaS Platform Attacking Microsoft Users With Fake Login Pages

Rockstar2FA is a PaaS kit that mimics the legitimate credential-request behavior of cloud/SaaS platforms....

New Tool Unveiled to Scan Hacking Content on Telegram

A Russian software developer, aided by the National Technology Initiative, has introduced a groundbreaking...

API Security Webinar

Free Webinar - DevSecOps Hacks

By embedding security into your CI/CD workflows, you can shift left, streamline your DevSecOps processes, and release secure applications faster—all while saving time and resources.

In this webinar, join Phani Deepak Akella ( VP of Marketing ) and Karthik Krishnamoorthy (CTO), Indusface as they explores best practices for integrating application security into your CI/CD workflows using tools like Jenkins and Jira.

Discussion points

Automate security scans as part of the CI/CD pipeline.
Get real-time, actionable insights into vulnerabilities.
Prioritize and track fixes directly in Jira, enhancing collaboration.
Reduce risks and costs by addressing vulnerabilities pre-production.

More like this

Hackers Easily Bypass Active Directory Group Policy to Allow Vulnerable NTLMv1 Auth Protocol

Researchers have discovered a critical flaw in Active Directory’s NTLMv1 mitigation strategy, where misconfigured...

AWS Warns of Multiple Vulnerabilities in Amazon WorkSpaces, Amazon AppStream 2.0, & Amazon DCV

Amazon Web Services (AWS) has issued a critical security advisory highlighting vulnerabilities in specific...

PoC Exploit Released for Ivanti Connect Secure RCE Vulnerability

A serious security flaw has been identified in Ivanti Connect Secure, designated as CVE-2025-0282, which...