CVE-2020-36922 MEDIUM

CVE-2020-36922: Sony BRAVIA Digital Signage 1.7.8 Unauthenticated System API Information Disclosure

Vendor Pro-Bravia
Product Sony BRAVIA Digital Signage
Weakness CWE-497
Published January 6, 2026
Last update January 6, 2026

CVSS base score

6.9/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Sony BRAVIA Digital Signage 1.7.8 contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive system details through API endpoints. Attackers can retrieve network interface information, server configurations, and system metadata by sending requests to the exposed system API.

Key dates

02Disclosure timeline

January 6, 2026 CVE published
January 6, 2026 Record updated