Researchers discovered Multiple critical vulnerabilities in Sony Bravia smart TV that allows an attacker to control it remotely who all are connected within the local network.
Smart TV’s are nowadays most essential home appliances and its estimated almost 760 million of them now connected globally.
Cybercriminals already switching to target the IoT devices and exploits the various connected devices especially home-based devices such as Smart TV.
Security researchers from Fortinet analyzed the Bravia Smart TV devices and found multiples critical vulnerabilities.
Following vulnerabilities are found in Sony Bravia Smart TV that allows the remote attacker to exploit the locally connected users.
1.Stack Buffer Overflow – CVE-2018-16595
A high severity memory corruption vulnerability that results from insufficient size checking of user input.
With a long enough HTTP POST request sent to the corresponding URL, the application will crash.
In this case, Fortinet previously released IPS signature for this critical Sony.SmartTV.Stack.Buffer.Overflow for this specific vulnerability to proactively protect our customers.
2.Directory Traversal – CVE-2018-16594
According to Fortinet, The application handles file names incorrectly when receiving a user’s input file via uploading a URL. An attacker can upload an arbitrary file with a crafted file name (e.g.: ../../) that can then traverse the whole filesystem.
3.Command Injection – CVE-2018-16593
When we upload the media file, the application handles file names incorrectly which leads to attacker run arbitrary commands on the system by abuse filename mishandling.
Also, these vulnerabilities allow an attacker to gain remote code execution with root privilege.
Cisco Released Security Updates & Fixed 37 Vulnerabilities that Affected Cisco Products
Mozilla Firefox Releases 62.0.3 & Security Updates for 2 High Critical Vulnerabilities
Recent research has revealed that a Russian advanced persistent threat (APT) group, tracked as "GruesomeLarch"…
Microsoft's Digital Crimes Unit (DCU) has disrupted a significant phishing-as-a-service (PhaaS) operation run by Egypt-based…
The Russian threat group TAG-110, linked to BlueDelta (APT28), is actively targeting organizations in Central…
Earth Kasha, a threat actor linked to APT10, has expanded its targeting scope to India,…
Raspberry Robin, a stealthy malware discovered in 2021, leverages advanced obfuscation techniques to evade detection…
Critical infrastructure, the lifeblood of modern society, is under increasing threat as a new report…