CVE-2019-10886

Name of the Vulnerable Software and Affected Versions Sony Photo Sharing Plus application in the firmware before PKG6.5629 version

Description The issue is related to incorrect access control in the Sony Photo Sharing Plus application. This allows an attacker to read arbitrary files without authentication over HTTP when the application is running, potentially enabling them to browse specific directories, such as images, inside a private network.

Recommendations For versions before PKG6.5629, update the firmware to version PKG6.5629 or later to resolve the issue. As a temporary workaround, consider disabling the Photo Sharing Plus application until the update is applied. Restrict access to the application to minimize the risk of exploitation.