The External Control API in Roku and Roku TV products allow unauthorized access via a DNS Rebind attack. This can result in remote device control and privileged device and network information to be exfiltrated by an attacker.
References
Configurations
Configuration 1 (hide)
AND |
|
History
07 Nov 2023, 02:51
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
29 Aug 2023, 22:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2018-07-03 16:29
Updated : 2024-02-28 16:25
NVD link : CVE-2018-11314
Mitre link : CVE-2018-11314
CVE.ORG link : CVE-2018-11314
JSON object : View
Products Affected
roku
- roku_firmware
- roku
CWE
CWE-20
Improper Input Validation