Vulnerabilities > CVE-2020-9285 - Unspecified vulnerability in Sonos ONE Firmware

CVSS 6.8 - MEDIUM

Attack vector

PHYSICAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

low complexity

sonos

NVD

Published: 2022-10-20

Updated: 2022-10-21

Summary

Some versions of Sonos One (1st and 2nd generation) allow partial or full memory access via attacker controlled hardware that can be attached to the Mini-PCI Express slot on the motherboard that hosts the WiFi card on the device.

Vulnerable Configurations

Part	Description	Count
OS	Sonos Sonos ONE Firmware -	1
Hardware	Sonos Sonos ONE -	1

References

https://tnpitsecurity.com/blog/gaining-root-on-sonos-speakers/