Unrated severityNVD Advisory· Published Jan 6, 2026· Updated Jan 6, 2026

Sony BRAVIA Digital Signage 1.7.8 Client-Side Protection Bypass via IDOR

CVE-2020-36923

Description

Sony BRAVIA Digital Signage 1.7.8 contains an insecure direct object reference vulnerability that allows attackers to bypass authorization controls. Attackers can access hidden system resources like '/#/content-creation' by manipulating client-side access restrictions.

Affected products

Pro Bravia/Sony Bravia Digital Signagellm-fuzzy
Range: =1.7.8
Sony Electronics Inc./Sony BRAVIA Digital Signagev5
Range: <=1.7.8

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

packetstormsecurity.com/files/160344mitreexploit
cxsecurity.com/issue/WLB-2020120031mitrethird-party-advisory
www.vulncheck.com/advisories/sony-bravia-digital-signage-client-side-protection-bypass-via-idormitrethird-party-advisory
www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5611.phpmitrethird-party-advisory
exchange.xforce.ibmcloud.com/vulnerabilities/192607mitrevdb-entry
pro-bravia.sony.netmitreproduct
pro-bravia.sony.net/resources/software/bravia-signage/mitreproduct
pro.sony/ue_US/products/display-softwaremitreproduct

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000