CVE-2018-11316

The UPnP HTTP server on Sonos wireless speaker products allow unauthorized access via a DNS rebinding attack. This can result in remote device control and privileged device and network information to be exfiltrated by an attacker.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:sonos:sonos_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:sonos:sonos:-:*:*:*:*:*:*:*

History

07 Nov 2023, 02:51

Type Values Removed Values Added
References
  • {'url': 'https://medium.com/@brannondorsey/attacking-private-networks-from-the-internet-with-dns-rebinding-ea7098a2d325', 'name': 'https://medium.com/@brannondorsey/attacking-private-networks-from-the-internet-with-dns-rebinding-ea7098a2d325', 'tags': ['Third Party Advisory'], 'refsource': 'MISC'}
  • () https://medium.com/%40brannondorsey/attacking-private-networks-from-the-internet-with-dns-rebinding-ea7098a2d325 -

Information

Published : 2018-07-03 16:29

Updated : 2024-02-28 16:25


NVD link : CVE-2018-11316

Mitre link : CVE-2018-11316

CVE.ORG link : CVE-2018-11316


JSON object : View

Products Affected

sonos

  • sonos
  • sonos_firmware
CWE
CWE-20

Improper Input Validation