Sony Smart TV Bug Allows Remote Access, Root Privileges
#1
Quote:The most serious of the vulnerabilities is the command-injection (CVE-2018-16593) bug, which is tied to a proprietary Sony application called Photo Sharing Plus. The app allows users to share multimedia content from their phones or tablets via Sony TVs.

Similar to the previous vulnerability, the other two Sony Bravia bugs are also tied to Sony’s Photo Sharing Plus application, but are rated high severity. The stack buffer overflow (CVE-2018-16595) is a “memory corruption vulnerability that results from insufficient size checking of user input,” Loi wrote in a technical write up.

The directory-traversal vulnerability (CVE-2018-16594) relates to the way the Photo Sharing Plus app handles file names. “An attacker can upload an arbitrary file with a crafted file name (e.g.: ../../) that can then traverse the whole filesystem,” the researcher wrote.

Source: https://threatpost.com/sony-smart-tv-bug...es/138063/
[-] The following 1 user says Thank You to silversurfer for this post:
  • harlan4096
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:





[-]
Recent Posts
WhatsApp Launches New Username Feature ...
WhatsApp Opens Usern...harlan4096 — 17:12
AnyDesk 9.7.9 for Windows
Version 9.7.9 for ...harlan4096 — 15:57
uBOLite 2026.705.2152 (already available...
uBOLite 2026.705.2...harlan4096 — 10:23
Microsoft Warns Windows 11 Enterprise De...
Microsoft has issu...harlan4096 — 10:22
QOwnNotes
26.7.1 Added a ne...Kool — 05:26

[-]
Birthdays
Today's Birthdays
No birthdays today.
Upcoming Birthdays
avatar (47)dapedDow
avatar (49)TromPerl
avatar (46)RidgeDimb
avatar (37)ipumaqar
avatar (51)tanliorsPeri
avatar (43)lapedDow
avatar (49)rituabew
avatar (37)omyjul
avatar (41)papedDow
avatar (50)ArnoldFum
avatar (38)yfaza
avatar (49)Kevensi
avatar (48)ConradRoand
avatar (39)boineDon
avatar (51)spoofTum
avatar (50)WillieVot
avatar (40)Grompelbawn
avatar (41)vkseogaF
avatar (37)usogy
avatar (40)ywixazok
avatar (38)ixoqe
avatar (56)Step 1
avatar (36)pa.OpenTran

[-]
Online Staff
There are no staff members currently online.

>