Filtered by vendor Sonos
Subscriptions
Filtered by product Sonos Firmware
Subscriptions
Total
2 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-11316 | 1 Sonos | 2 Sonos, Sonos Firmware | 2024-11-21 | N/A |
| The UPnP HTTP server on Sonos wireless speaker products allow unauthorized access via a DNS rebinding attack. This can result in remote device control and privileged device and network information to be exfiltrated by an attacker. | ||||
| CVE-2023-50810 | 1 Sonos | 1 Sonos Firmware | 2024-08-23 | 6 Medium |
| In certain Sonos products before Sonos S1 Release 11.12 and S2 release 15.9, a vulnerability exists in the U-Boot component of the firmware that allow persistent arbitrary code execution with Linux kernel privileges. A failure to correctly handle the return value of the setenv command can be used to override the kernel command-line parameters and ultimately bypass the Secure Boot implementation. This affects PLAY5 gen 2, PLAYBASE, PLAY:1, One, One SL, and Amp. | ||||
Page 1 of 1.