Sony Bravia Smart TVs affected by a critical vulnerability

Experts at FortiGuard Labs team discovered three vulnerabilities in eight Sony Bravia smart TVs, one of them rated as critical.

Patch management is a crucial aspect for IoT devices, smart objects are surrounding us and represent a privileged target for hackers.

Experts at FortiGuard Labs team discovered three vulnerabilities (a stack buffer overflow, a directory traversal, and a command-injection issue) in eight Sony Bravia smart TVs, one of them rated as critical.

Affected Sony Bravia models include R5C, WD75, WD65, XE70, XF70, WE75, WE6 and WF6.

The most severe vulnerability tracked as CVE-2018-16593 is a command-injection flaw that resides in the Sony application Photo Sharing Plus that allows users to share multimedia content from their mobile devices via Sony Smart TVs.

An attacker needs to share on the same wireless network as the Sony TV in order to trigger the vulnerability.

“This application handles file names incorrectly when the user uploads a media file. An attacker can abuse such filename mishandling to run arbitrary commands on the system, which can result in complete remote code execution with root privilege.” reads the blog post published by Fortinet.
“Fortinet previously released IPS signature Sony.SmartTV.Remote.Code.Execution for this specific vulnerability to proactively protect our customers.”

Remaining bugs also affect the Sony’s Photo Sharing Plus application running on Sony Bravia. The stack buffer overflow (CVE-2018-16595) is a “memory corruption vulnerability that is tied to the lack of sanitization of user input.

“This is a memory corruption vulnerability that results from insufficient size checking of user input. With a long enough HTTP POST request sent to the corresponding URL, the application will crash.” continues the advisory.
Fortinet previously released IPS signature Sony.SmartTV.Stack.Buffer.Overflow for this specific vulnerability to proactively protect our customers.”

The third flaw directory-traversal vulnerability tracked as  CVE-2018-16594 that relates to the way the Photo Sharing Plus app handles file names.

“The application handles file names incorrectly when receiving a user’s input file via uploading a URL. A attackercan upload an arbitrary file with a crafted file name (e.g.: ../../) that can then traverse the whole filesystem.” reads the blog post.
“Fortinet previously released IPS signature Sony.SmartTV.Directory.Traversal for this specific vulnerability to proactively protect our customers.” 

Sony has provided over-the-air patch updated to address the flaws, the fixes need to be approved by the user.

“If your television is set to automatically receive updates when connected to the internet, it should have already been updated. This is the default setting for the affected models.” reads the security advisory published by Sony.

“To verify that your television has been updated, please visit the Downloads section of your model’s product page. Click the Firmware update link for details about how to check the software version. If your television has not already been updated, please follow the instructions to download and install the update.”

Pierluigi Paganini

FAIR USE NOTICE: Under the "fair use" act, another author may make limited use of the original author's work without asking permission. Pursuant to 17 U.S. Code § 107, certain uses of copyrighted material "for purposes such as criticism, comment, news reporting, teaching (including multiple copies for classroom use), scholarship, or research, is not an infringement of copyright." As a matter of policy, fair use is based on the belief that the public is entitled to freely use portions of copyrighted materials for purposes of commentary and criticism. The fair use privilege is perhaps the most significant limitation on a copyright owner's exclusive rights. Cyber Defense Media Group is a news reporting company, reporting cyber news, events, information and much more at no charge at our website Cyber Defense Magazine. All images and reporting are done exclusively under the Fair Use of the US copyright act.

Global InfoSec Awards 2021

We are in our 9th year, and these awards are incredibly well received – helping build buzz, customer awareness, sales and marketing growth opportunities, investment opportunities and so much more.

APPLY NOW