Unauthorized Access Vulnerability in Sonos Wireless Speakers
CVE-2018-11316

9.6CRITICAL

Key Information:

Vendor: Sonos
Status: Sonos Firmware
Vendor: CVE Published:; 3 July 2018

What is CVE-2018-11316?

The UPnP HTTP server present in various Sonos wireless speaker products is susceptible to a significant security flaw that enables unauthorized access through a DNS rebinding attack. This vulnerability can allow attackers to gain remote control of the affected devices, potentially leading to the exfiltration of sensitive device and network information. As these devices are often connected to personal and home networks, this issue poses a serious risk to user privacy and security.

References

https://www.wired.com/story/chromecast-roku-sonos-dns-reb...

x_refsource_MISC

https://medium.com/%40brannondorsey/attacking-private-net...

x_refsource_MISC

CVSS V3.1

Score:

9.6

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jul 3, 2018
Vulnerability Reserved
May 20, 2018