Sign-up

ID

VAR-201204-0202


CVE

CVE-2012-2210


TITLE

Sony BRAVIA TV Denial of Service Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2012-8864 // CNNVD: CNNVD-201204-091

DESCRIPTION

The Sony Bravia TV KDL-32CX525 allows remote attackers to cause a denial of service (configuration outage or device crash) via a flood of TCP SYN packets, as demonstrated by hping, a related issue to CVE-1999-0116. The Sony BRAVIA KDL-32CX525 is an HD LCD TV. A denial of service vulnerability exists in Sony BRAVIA TV that originated from errors in processing datagrams. An attacker could exploit the vulnerability to cause a device to stop responding and eventually shut down with a brute force attack. This vulnerability exists in the KDL-32CX525 release and other versions may be affected. Bravia Tv is prone to a denial-of-service vulnerability. ---------------------------------------------------------------------- Become a PSI 3.0 beta tester! Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. Download it here! http://secunia.com/psi_30_beta_launch ---------------------------------------------------------------------- TITLE: Sony BRAVIA TV Datagram Flooding Denial of Service SECUNIA ADVISORY ID: SA48705 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/48705/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=48705 RELEASE DATE: 2012-04-06 DISCUSS ADVISORY: http://secunia.com/advisories/48705/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/48705/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=48705 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Sony BRAVIA TV, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is reported in KDL-32CX525. SOLUTION: No fix is currently available. PROVIDED AND/OR DISCOVERED BY: Gabriel Menezes Nunes ORIGINAL ADVISORY: Gabriel Menezes Nunes: http://archives.neohapsis.com/archives/bugtraq/2012-04/0043.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.52

sources: NVD: CVE-2012-2210 // JVNDB: JVNDB-2012-002055 // CNVD: CNVD-2012-8864 // BID: 78204 // PACKETSTORM: 111654

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2012-8864

AFFECTED PRODUCTS

vendor:sonymodel:bravia tvscope:eqversion:kdl-32cx525

Trust: 2.4

vendor:nomodel: - scope: - version: -

Trust: 0.6

vendor:sonymodel:bravia tv kdl-32cx525scope: - version: -

Trust: 0.3

sources: CNVD: CNVD-2012-8864 // BID: 78204 // JVNDB: JVNDB-2012-002055 // CNNVD: CNNVD-201204-091 // NVD: CVE-2012-2210

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2012-2210
value: HIGH

Trust: 1.0

NVD: CVE-2012-2210
value: HIGH

Trust: 0.8

CNVD: CNVD-2012-8864
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201204-091
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2012-2210
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2012-8864
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2012-8864 // JVNDB: JVNDB-2012-002055 // CNNVD: CNNVD-201204-091 // NVD: CVE-2012-2210

PROBLEMTYPE DATA

problemtype:CWE-399

Trust: 1.8

sources: JVNDB: JVNDB-2012-002055 // NVD: CVE-2012-2210

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201204-091

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201204-091

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2012-002055

PATCH
title:eSupport - KDL-32CX525url:http://esupport.sony.com/LA/perl/model-home.pl?mdl=KDL32CX525
Trust: 0.8
title:KDL-32CX525url:http://www.sony.de/product/tv-80-32-lcd/kdl-32cx525
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2012-002055

EXTERNAL IDS
db:NVDid:CVE-2012-2210
Trust: 3.3
db:EXPLOIT-DBid:18705
Trust: 2.5
db:SECUNIAid:48705
Trust: 1.7
db:OSVDBid:80957
Trust: 1.0
db:SECTRACKid:1026891
Trust: 1.0
db:JVNDBid:JVNDB-2012-002055
Trust: 0.8
db:CNVDid:CNVD-2012-8864
Trust: 0.6
db:CNNVDid:CNNVD-201204-091
Trust: 0.6
db:BIDid:78204
Trust: 0.3
db:PACKETSTORMid:111654
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2012-8864 // 
            
            
            
            BID: 78204 // 
            
            
            
            JVNDB: JVNDB-2012-002055 // 
            
            
            
            PACKETSTORM: 111654 // 
            
            
            
            CNNVD: CNNVD-201204-091 // 
            
            
            
            NVD: CVE-2012-2210

REFERENCES
url:http://www.exploit-db.com/exploits/18705/
Trust: 2.5
url:http://secunia.com/advisories/48705
Trust: 1.6
url:http://archives.neohapsis.com/archives/bugtraq/2012-04/0043.html
Trust: 1.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/74644
Trust: 1.0
url:http://osvdb.org/80957
Trust: 1.0
url:http://www.securitytracker.com/id?1026891
Trust: 1.0
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-2210
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-2210
Trust: 0.8
url:http://secunia.com/psi_30_beta_launch
Trust: 0.1
url:https://ca.secunia.com/?page=viewadvisory&vuln_id=48705
Trust: 0.1
url:http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
Trust: 0.1
url:http://secunia.com/vulnerability_intelligence/
Trust: 0.1
url:http://secunia.com/advisories/secunia_security_advisories/
Trust: 0.1
url:http://secunia.com/advisories/48705/#comments
Trust: 0.1
url:http://secunia.com/vulnerability_scanning/personal/
Trust: 0.1
url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Trust: 0.1
url:http://secunia.com/advisories/48705/
Trust: 0.1
url:http://secunia.com/advisories/about_secunia_advisories/
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2012-8864 // 
            
            
            
            BID: 78204 // 
            
            
            
            JVNDB: JVNDB-2012-002055 // 
            
            
            
            PACKETSTORM: 111654 // 
            
            
            
            CNNVD: CNNVD-201204-091 // 
            
            
            
            NVD: CVE-2012-2210

CREDITS
Unknown
Trust: 0.3
sources:
            
            
            BID: 78204

SOURCES
db:CNVDid:CNVD-2012-8864
db:BIDid:78204
db:JVNDBid:JVNDB-2012-002055
db:PACKETSTORMid:111654
db:CNNVDid:CNNVD-201204-091
db:NVDid:CVE-2012-2210

LAST UPDATE DATE
2025-04-11T23:02:01.528000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2012-8864date:2012-04-10T00:00:00
db:BIDid:78204date:2012-04-11T00:00:00
db:JVNDBid:JVNDB-2012-002055date:2012-04-12T00:00:00
db:CNNVDid:CNNVD-201204-091date:2012-04-10T00:00:00
db:NVDid:CVE-2012-2210date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:CNVDid:CNVD-2012-8864date:2012-04-10T00:00:00
db:BIDid:78204date:2012-04-11T00:00:00
db:JVNDBid:JVNDB-2012-002055date:2012-04-12T00:00:00
db:PACKETSTORMid:111654date:2012-04-06T06:04:18
db:CNNVDid:CNNVD-201204-091date:2012-04-10T00:00:00
db:NVDid:CVE-2012-2210date:2012-04-11T10:39:27.200