Sony BRAVIA Digital Signage Insecure Direct Object Reference Vulnerability

Vulnerability

A client-side protection bypass vulnerability has been identified in Sony BRAVIA Digital Signage version 1.7.8. This vulnerability allows attackers to exploit insecure direct object references, bypassing authorization controls to access hidden system resources, such as the '/#/content-creation' page. The issue arises from the application providing direct access to objects based on user-supplied input, enabling unauthorized access to sensitive information.

Impact

Exploitation of this vulnerability could lead to unauthorized access to hidden system resources, allowing attackers to obtain sensitive information and potentially launch further attacks against the affected system.

Reproduction

The vulnerability can be reproduced by sending a specially crafted HTTP request that manipulates client-side access restrictions. This bypasses authorization controls and grants access to the '/#/content-creation' resource.
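The mitigation side of the issue above, as an added example that is not from this advisory or from the vendor's code: a hash route such as '/#/content-creation' never reaches the server, so a guard in the browser cannot act as authorization, and the check has to sit on the data endpoints behind the page. The API paths, roles, host name and function names are hypothetical.

```javascript
// Added illustration; routes, roles and API paths are hypothetical and are
// not taken from the Sony BRAVIA Digital Signage code base.

// What the server receives for a URL: the browser drops the fragment, so
// "/#/content-creation" arrives as a request for "/".
function requestTarget(rawUrl) {
  const u = new URL(rawUrl);
  return u.pathname + u.search; // u.hash is never sent on the wire
}

// Client-side guard: runs in the browser, on state the user holds. It can
// hide a menu entry, but it is not an authorization control.
function clientGuard(route, uiState) {
  return route !== '/content-creation' || uiState.role === 'admin';
}

// Server-side policy, deny by default. Keys are "METHOD path" of the data
// endpoints behind the page (hypothetical names).
const POLICY = new Map([
  ['GET /api/content', new Set(['admin', 'editor'])],
  ['POST /api/content', new Set(['admin'])],
]);

// session is looked up server-side from the cookie or token, never built
// from a role field supplied in the request.
function authorize(session, method, path) {
  if (!session || !session.role) return { status: 401 };
  const allowed = POLICY.get(`${method.toUpperCase()} ${path}`);
  if (!allowed || !allowed.has(session.role)) return { status: 403 };
  return { status: 200 };
}

// Constructed sample inputs.
function demo() {
  const viewer = { user: 'kiosk', role: 'viewer' };
  return {
    serverSees: requestTarget('http://signage.example/#/content-creation'),
    guardOnClientHeldState: clientGuard('/content-creation', { role: 'admin' }),
    apiAsViewer: authorize(viewer, 'post', '/api/content').status,
    apiAnonymous: authorize(null, 'GET', '/api/content').status,
    apiUnlisted: authorize({ role: 'admin' }, 'DELETE', '/api/content').status,
  };
}

console.log(demo());
```

The guard's answer depends only on state held in the browser, while the server-side decision depends on the session and an explicit allow list, so unlisted methods and anonymous callers are refused.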

Added: Jan 6, 2026, 4:28 PM
Updated: Jan 6, 2026, 7:23 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 8.7
remediation: 0.0
relevance: 1.8
threat: 6.4
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.