Sony BRAVIA Digital Signage 1.7.8 Client-Side Protection Bypass via IDOR

Advisories

severity: medium
date: January 5, 2026
Affecting: Sony BRAVIA Digital Signage <= 1.7.8
CVE: CVE-2020-36923
CWE: CWE-639 Authorization Bypass Through User-Controlled Key
CVSS: 6.9
CVSS V4 Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
References: Zero Science Lab Disclosure (ZSL-2020-5611)
IBM X-Force Exchange Vulnerability Entry
CXSecurity Vulnerability Listing
Packet Storm Security Exploit Archive
Sony Professional Display Software Product Page
BRAVIA Signage Software Resources
Sony BRAVIA Digital Signage Official Homepage
Credit: LiquidWorm as Gjoko Krstic of Zero Science Lab
Description: Sony BRAVIA Digital Signage 1.7.8 contains an insecure direct object reference vulnerability that allows attackers to bypass authorization controls. Attackers can access hidden system resources like '/#/content-creation' by manipulating client-side access restrictions.