Vulnerabilities > Sonos
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-04-20 | CVE-2023-27352 | Use After Free vulnerability in Sonos ONE Firmware, S1 and S2 This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Sonos One Speaker 70.3-35220. | 8.8 |
| 2023-04-20 | CVE-2023-27353 | Out-of-bounds Read vulnerability in Sonos ONE Firmware, S1 and S2 This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Sonos One Speaker 70.3-35220. | 6.5 |
| 2023-04-20 | CVE-2023-27354 | Integer Overflow or Wraparound vulnerability in Sonos ONE Firmware, S1 and S2 This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Sonos One Speaker 70.3-35220. | 6.5 |
| 2023-04-20 | CVE-2023-27355 | Stack-based Buffer Overflow vulnerability in Sonos ONE Firmware, S1 and S2 This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Sonos One Speaker 70.3-35220. | 8.8 |
| 2022-10-20 | CVE-2020-9285 | Unspecified vulnerability in Sonos ONE Firmware Some versions of Sonos One (1st and 2nd generation) allow partial or full memory access via attacker controlled hardware that can be attached to the Mini-PCI Express slot on the motherboard that hosts the WiFi card on the device. low complexity sonos | 6.8 |
| 2022-02-18 | CVE-2022-24046 | Integer Underflow (Wrap or Wraparound) vulnerability in Sonos S1 and S2 This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Sonos One Speaker prior to 3.4.1 (S2 systems) and 11.2.13 build 57923290 (S1 systems). | 8.3 |
| 2022-02-18 | CVE-2022-24049 | Out-of-bounds Write vulnerability in Sonos S1 and S2 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sonos One Speaker prior to 3.4.1 (S2 systems) and 11.2.13 build 57923290 (S1 systems). | 10.0 |
| 2018-07-03 | CVE-2018-11316 | Improper Input Validation vulnerability in Sonos Firmware The UPnP HTTP server on Sonos wireless speaker products allow unauthorized access via a DNS rebinding attack. | 9.6 |