Arbitrary Code Execution in Sonos One Speaker by Vendor Sonos
CVE-2023-27355

8.8HIGH

Key Information:

Vendor: Sonos
Status: One Speaker
Vendor: CVE Published:; 20 April 2023

What is CVE-2023-27355?

This vulnerability found in the Sonos One Speaker allows remote attackers within the same network to execute arbitrary code due to improper validation of input data length in the MPEG-TS parser. The flaw enables an attacker to copy user-supplied data into a fixed-length stack-based buffer without adequate checks, providing a route to run arbitrary code with root privileges. Exploitation does not require authentication, significantly amplifying the risk posed to users of the affected product.

Affected Version(s)

One Speaker 70.3-35220

References

https://www.zerodayinitiative.com/advisories/ZDI-23-449/

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 20, 2023
Vulnerability Reserved
Feb 28, 2023

Credit

Orange Tsai (@orange_8361) of DEVCORE Research Team