CVE-2018-11314

Опубликовано: 03 июл. 2018

Источник: nvd

CVSS3: 9.6

CVSS2: 9.3

EPSS Низкий

Описание

The External Control API in Roku and Roku TV products allow unauthorized access via a DNS Rebind attack. This can result in remote device control and privileged device and network information to be exfiltrated by an attacker.

Ссылки

https://medium.com/%40brannondorsey/attacking-private-networks-from-the-internet-with-dns-rebinding-ea7098a2d325
https://support.roku.com/article/12554388937879
https://www.wired.com/story/chromecast-roku-sonos-dns-rebinding-vulnerability
Press/Media Coverage
Third Party Advisory
https://medium.com/%40brannondorsey/attacking-private-networks-from-the-internet-with-dns-rebinding-ea7098a2d325
https://support.roku.com/article/12554388937879
https://www.wired.com/story/chromecast-roku-sonos-dns-rebinding-vulnerability
Press/Media Coverage
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:h:roku:roku_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:roku:roku:-:*:*:*:*:*:*:*

EPSS

Процентиль: 63%

0.00454

Низкий

9.6 Critical

CVSS3

9.3 Critical

CVSS2

Дефекты

CWE-20

Связанные уязвимости

GHSA-chc2-rvc6-vpg5