Thursday, March 28, 2024

Sony Bravia Smart TV Contains Multiple Critical Vulnerabilities That Allows Attacker Exploit Remotely Without Authentication

Researchers discovered Multiple critical vulnerabilities in Sony Bravia smart TV that allows an attacker to control it remotely who all are connected within the local network.

Smart TV’s are nowadays most essential home appliances and its estimated almost  760 million of them now connected globally.

Cybercriminals already switching to target the  IoT devices and exploits the various connected devices especially home-based devices such as Smart TV.

Security researchers from Fortinet analyzed the Bravia Smart TV devices and found multiples critical vulnerabilities.

Sony Bravia Smart TV Vulnerabilities Details

Following vulnerabilities are found in Sony Bravia Smart TV that allows the remote attacker to exploit the locally connected users.

1.Stack Buffer Overflow – CVE-2018-16595

A high severity memory corruption vulnerability that results from insufficient size checking of user input.

With a long enough HTTP POST request sent to the corresponding URL, the application will crash.

In this case, Fortinet previously released IPS signature for this critical  Sony.SmartTV.Stack.Buffer.Overflow for this specific vulnerability to proactively protect our customers.

2.Directory Traversal – CVE-2018-16594 

According to Fortinet, The application handles file names incorrectly when receiving a user’s input file via uploading a URL. An attacker can upload an arbitrary file with a crafted file name (e.g.: ../../) that can then traverse the whole filesystem.

  • This vulnerability category under high severity vulnerability.

3.Command Injection – CVE-2018-16593

When we upload the media file, the application handles file names incorrectly which leads to attacker run arbitrary commands on the system by abuse filename mishandling.

Also, these vulnerabilities allow an attacker to gain remote code execution with root privilege.

Also Read:

Cisco Released Security Updates & Fixed 37 Vulnerabilities that Affected Cisco Products

Mozilla Firefox Releases 62.0.3 & Security Updates for 2 High Critical Vulnerabilities

Website

Latest articles

GoPlus’s Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

GoPlus Labs, the leading Web3 security infrastructure provider, has unveiled a groundbreaking report highlighting...

Wireshark 4.2.4 Released: What’s New!

Wireshark stands as the undisputed leader, offering unparalleled tools for troubleshooting, analysis, development, and...

Zoom Unveils AI-Powered All-In-One AI Work Workplace

Zoom has taken a monumental leap forward by introducing Zoom Workplace, an all-encompassing AI-powered...

iPhone Users Beware! Darcula Phishing Service Attacking Via iMessage

Phishing allows hackers to exploit human vulnerabilities and trick users into revealing sensitive information...

2 Chrome Zero-Days Exploited at Pwn2Own 2024: Patch Now

Google has announced a crucial update to its Chrome browser, addressing several vulnerabilities, including...

The Moon Malware Hacked 6,000 ASUS Routers in 72hours to Use for Proxy

Black Lotus Labs discovered a multi-year campaign by TheMoon malware targeting vulnerable routers and...
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Mitigating Vulnerability Types & 0-day Threats

Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

Related Articles