Memory Access Vulnerability in Sonos One Speakers by Sonos
CVE-2020-9285

6.8MEDIUM

Key Information:

Vendor: Sonos
Status: One Firmware
Vendor: CVE Published:; 20 October 2022

What is CVE-2020-9285?

Certain versions of the Sonos One speakers are exposed to a memory access vulnerability, allowing an attacker to gain partial or full access to the device's memory through hardware that is connected to the Mini-PCI Express slot. This slot, typically occupied by the WiFi card, can be leveraged by malicious users to manipulate the device's functionality and access sensitive information.

References

https://tnpitsecurity.com/blog/gaining-root-on-sonos-spea...

CVSS V3.1

Score:

6.8

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 20, 2022
Vulnerability Reserved
Feb 19, 2020