S1 Security Vulnerabilities and Issues — S1 CVE List

Lucene search

SonosS1

8 matches found

CVE•added 2022/02/18 8:15 p.m.•95 views

CVE-2022-24049

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sonos One Speaker prior to 3.4.1 (S2 systems) and 11.2.13 build 57923290 (S1 systems). Authentication is not required to exploit this vulnerability. The specific flaw exists within the ALAC audio codec...

10CVSS9.7AI score0.37962EPSS

CVE•added 2022/02/18 8:15 p.m.•91 views

CVE-2022-24046

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Sonos One Speaker prior to 3.4.1 (S2 systems) and 11.2.13 build 57923290 (S1 systems). Authentication is not required to exploit this vulnerability. The specific flaw exists within the anacap...

9.8CVSS8.9AI score0.07417EPSS

CVE•added 2023/04/20 10:15 p.m.•52 views

CVE-2023-27355

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Sonos One Speaker 70.3-35220. Authentication is not required to exploit this vulnerability. The specific flaw exists within the MPEG-TS parser. The issue results from the lack of proper valid...

8.8CVSS8.8AI score0.00055EPSS

CVE•added 2025/04/23 5:16 p.m.•44 views

CVE-2025-1049

Sonos Era 300 Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Sonos Era 300 speakers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processi...

8.8CVSS9.1AI score0.00051EPSS

CVE•added 2025/04/23 5:16 p.m.•39 views

CVE-2025-1048

Sonos Era 300 Speaker libsmb2 Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Sonos Era 300 speakers. Authentication is not required to exploit this vulnerability. The specific flaw exist...

8.8CVSS9.1AI score0.00055EPSS

CVE•added 2023/04/20 10:15 p.m.•34 views

CVE-2023-27352

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Sonos One Speaker 70.3-35220. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of the SMB directory query command. The issue result...

8.8CVSS8.9AI score0.00055EPSS

CVE•added 2023/04/20 10:15 p.m.•33 views

CVE-2023-27353

This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Sonos One Speaker 70.3-35220. Authentication is not required to exploit this vulnerability. The specific flaw exists within the msprox endpoint. The issue results from the lack of pro...

6.5CVSS5.8AI score0.00053EPSS

CVE•added 2023/04/20 10:15 p.m.•31 views

CVE-2023-27354

This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Sonos One Speaker 70.3-35220. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of the SMB directory query command. The issu...

6.5CVSS6.1AI score0.00093EPSS