CVE-2020-36923 MEDIUM

CVE-2020-36923: Sony BRAVIA Digital Signage 1.7.8 Client-Side Protection Bypass via IDOR

Vendor Sony Electronics Inc.
Product Sony BRAVIA Digital Signage
Weakness CWE-639 · IDOR
Published January 6, 2026
Last update January 6, 2026

CVSS base score

6.9/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Sony BRAVIA Digital Signage 1.7.8 contains an insecure direct object reference vulnerability that allows attackers to bypass authorization controls. Attackers can access hidden system resources like '/#/content-creation' by manipulating client-side access restrictions.

Key dates

02Disclosure timeline

January 6, 2026 CVE published
January 6, 2026 Record updated