Command execution vulnerability in Philips Smart Wireless Speaker web service formUpgradeURL web interface

The Philips Smart Wireless Speaker is an AI-based music player that can be connected to the internet. A command execution vulnerability exists in the Philips Smart Wireless Speaker web service formUpgradeURL web interface, which can be exploited by an attacker to execute commands...

CVE-2018-11316

The UPnP HTTP server on Sonos wireless speaker products allow unauthorized access via a DNS rebinding attack. This can result in remote device control and privileged device and network information to be exfiltrated by an attacker...

Design/Logic Flaw

The UPnP HTTP server on Sonos wireless speaker products allow unauthorized access via a DNS rebinding attack. This can result in remote device control and privileged device and network information to be exfiltrated by an attacker...

CVE-2018-11316

The UPnP HTTP server on Sonos wireless speaker products allow unauthorized access via a DNS rebinding attack. This can result in remote device control and privileged device and network information to be exfiltrated by an attacker...

CVE-2018-11316

The CVE-2018-11316 entry concerns Sonos wireless speaker devices whose UPnP HTTP server can be abused via a DNS rebinding attack. The affected component is the Sonos UPnP web server; the underlying issue is lack of access restriction allowing unauthorized control and information exfiltration from...