Vulnerabilities > CVE-2017-6520 - Channel and Path Errors vulnerability in Bose Soundtouch 30

CVSS 6.4 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

PARTIAL

network

low complexity

bose

CWE-417

NVD

Published: 2017-05-01

Updated: 2017-05-16

Summary

The Multicast DNS (mDNS) responder used in BOSE Soundtouch 30 inadvertently responds to IPv4 unicast queries with source addresses that are not link-local, which allows remote attackers to cause a denial of service (traffic amplification) or obtain potentially sensitive information via port-5353 UDP packets.

Vulnerable Configurations

Part	Description	Count
Hardware	Bose Bose Soundtouch 30 -	1

Common Weakness Enumeration (CWE)

CWE-417 - Channel and Path Errors

References

https://www.secfu.net/advisories