CVE-2018-11316

2018-07-0316:00:00

mitre

www.cve.org

8.9 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

60.1%

JSON

The UPnP HTTP server on Sonos wireless speaker products allow unauthorized access via a DNS rebinding attack. This can result in remote device control and privileged device and network information to be exfiltrated by an attacker.

References

medium.com/%40brannondorsey/attacking-private-networks-from-the-internet-with-dns-rebinding-ea7098a2d325

www.wired.com/story/chromecast-roku-sonos-dns-rebinding-vulnerability