Sony BRAVIA Digital Signage 1.7.8 Client-Side Protection Bypass / IDOR

Title: Sony BRAVIA Digital Signage 1.7.8 Client-Side Protection Bypass / IDOR
Advisory ID: ZSL-2020-5611
Type: Local/Remote
Impact: Exposure of System Information, Exposure of Sensitive Information, Security Bypass
Risk: (3/5)
Release Date: 02.12.2020
Summary
Sony's BRAVIA Signage is an application to deliver video and still images to Pro BRAVIAs and manage the information via a network. Features include management of displays, power schedule management, content playlists, scheduled delivery management, content interrupt, and more. This cost-effective digital signage management solution is ideal for presenting attractive, informative visual content in retail spaces and hotel reception areas, visitor attractions, educational and corporate environments.
Description
Insecure direct object references occur when an application provides direct access to objects based on user-supplied input. As a result of this vulnerability attackers can bypass authorization and access the hidden '/#/content-creation' resource in the system.
Vendor
Sony Electronics Inc. - https://pro.sony
Affected Version
<=1.7.8
Tested On
Microsoft Windows Server 2012 R2
Ubuntu
NodeJS
Express
Vendor Status
[20.09.2020] Vulnerability discovered.
[15.10.2020] Submitted to Sony via Hackerone.
[20.11.2020] Vendor states that the vulnerabilities are just informative and that all the issues are working as intended.
[02.12.2020] Public security advisory released.
PoC
sonybravia_idor.txt
Credits
Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>
References
[1] https://exchange.xforce.ibmcloud.com/vulnerabilities/192607
[2] https://cxsecurity.com/issue/WLB-2020120031
[3] https://packetstormsecurity.com/files/160344
Changelog
[02.12.2020] - Initial release
[17.12.2020] - Added reference [1], [2] and [3]
Contact
Zero Science Lab

Web: https://www.zeroscience.mk
e-mail: lab@zeroscience.mk