SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Device (Multimedia)  >   Sony TV Vendors:   Sony
Sony Bravia TV Can Be Crashed By Remote Users
SecurityTracker Alert ID:  1026891
SecurityTracker URL:  http://securitytracker.com/id/1026891
CVE Reference:   CVE-2012-2210   (Links to External Site)
Date:  Apr 5 2012
Impact:   Denial of service via network
Exploit Included:  Yes  
Version(s): KDL-32CX525
Description:   A vulnerability was reported in Sony Bravia TV. A remote user can cause denial of service conditions.

A remote user can send specially crafted data to cause the target device to crash. A physical restart is required to return the device to normal operations.

A demonstration exploit hping command is provided:

hping -S [target] -p [port] -i u1 --flood

Gabriel Menezes Nunes reported this vulnerability.

Impact:   A remote user can cause the target device to crash.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.sony.com/ (Links to External Site)
Cause:   State error

Message History:   None.


 Source Message Contents

Subject:  Sony Bravia Remote Denial of Service - CVE-2012-2210

# Exploit Title: Sony Bravia Remote Denial of Service
# Date: 04/04/2012
# Author: Gabriel Menezes Nunes
# Version: Sony Bravia TV
# Tested on: Sony Bravia TV (KDL-32CX525)
# CVE: CVE-2012-2210

Playing with my TV, I found a bug that can crash the device.

Running a hping command against a Sony Bravia TV (KDL-32CX525),
all the functions stop working instantly. You cannot change the
volume, channels or access any function. Instantly. After 35 seconds
the TV stop working and back. This happens 3 times. At fourth time, the
TV shuts down. In less than 3 minutes, the TV is off remotely. It is
necessary to turn on the TV physically.

Attack:

hping -S TV.IP.Address -p anyport -i u1 --flood

Example: hping -S 10.0.0.3 -p 2828 -i u1 --flood
 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC