Vulnerabilities > CVE-2017-6520 - Channel and Path Errors vulnerability in Bose Soundtouch 30

CVSS 9.1 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

bose

CWE-417

critical

NVD

Published: 2017-05-01

Updated: 2017-05-16

Summary

The Multicast DNS (mDNS) responder used in BOSE Soundtouch 30 inadvertently responds to IPv4 unicast queries with source addresses that are not link-local, which allows remote attackers to cause a denial of service (traffic amplification) or obtain potentially sensitive information via port-5353 UDP packets.

Vulnerable Configurations

Part	Description	Count
Hardware	Bose Bose Soundtouch 30 -	1

Common Weakness Enumeration (CWE)

CWE-417 - Channel and Path Errors

References

https://www.secfu.net/advisories