CVE-2018-11316

Опубликовано: 03 июл. 2018

Источник: nvd

CVSS3: 9.6

CVSS2: 9.3

EPSS Низкий

Описание

The UPnP HTTP server on Sonos wireless speaker products allow unauthorized access via a DNS rebinding attack. This can result in remote device control and privileged device and network information to be exfiltrated by an attacker.

Ссылки

https://medium.com/%40brannondorsey/attacking-private-networks-from-the-internet-with-dns-rebinding-ea7098a2d325
https://www.wired.com/story/chromecast-roku-sonos-dns-rebinding-vulnerability
Press/Media Coverage
Third Party Advisory
https://medium.com/%40brannondorsey/attacking-private-networks-from-the-internet-with-dns-rebinding-ea7098a2d325
https://www.wired.com/story/chromecast-roku-sonos-dns-rebinding-vulnerability
Press/Media Coverage
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:sonos:sonos_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:sonos:sonos:-:*:*:*:*:*:*:*

EPSS

Процентиль: 49%

0.00263

Низкий

9.6 Critical

CVSS3

9.3 Critical

CVSS2

Дефекты

CWE-20

Связанные уязвимости

GHSA-cv2h-x977-pmxq