Sony BRAVIA Digital Signage 1.7.8 Client-Side Protection Bypass / IDOR  
Vendor: Sony Electronics Inc.  
Product web page:  
Affected version: <=1.7.8  
Summary: Sony's BRAVIA Signage is an application to deliver  
video and still images to Pro BRAVIAs and manage the information  
via a network. Features include management of displays, power  
schedule management, content playlists, scheduled delivery  
management, content interrupt, and more. This cost-effective  
digital signage management solution is ideal for presenting  
attractive, informative visual content in retail spaces and  
hotel reception areas, visitor attractions, educational and  
corporate environments.  
Desc: Insecure direct object references occur when an application  
provides direct access to objects based on user-supplied input.  
As a result of this vulnerability attackers can bypass authorization  
and access the hidden '/#/content-creation' resource in the system.  
Tested on: Microsoft Windows Server 2012 R2  
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic  
Advisory ID: ZSL-2020-5611  
Advisory URL: