Sonos Era 100 Smart Speaker Remote Code Execution Vulnerability
CVE-2024-5269
8.8HIGH
What is CVE-2024-5269?
The vulnerability in the Sonos Era 100 smart speakers emerges from improper handling of SMB2 messages, allowing network-adjacent attackers to execute arbitrary code. This lack of validation for the existence of an object before operations can be exploited without requiring authentication. Successful exploitation could lead to code execution in the context of root, highlighting a significant risk for users of affected devices.
Affected Version(s)
Era 100 15.9 (build 75146030)