Design/Logic Flaw

2018-07-0316:29:00

PRIOn knowledge base

www.prio-n.com

8.8 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

60.1%

JSON

The UPnP HTTP server on Sonos wireless speaker products allow unauthorized access via a DNS rebinding attack. This can result in remote device control and privileged device and network information to be exfiltrated by an attacker.

References

medium.com/@brannondorsey/attacking-private-networks-from-the-internet-with-dns-rebinding-ea7098a2d325

www.wired.com/story/chromecast-roku-sonos-dns-rebinding-vulnerability