
Hackers Win $105,000 for Reporting Critical Security Flaws in Sonos One Speakers

May 30, 2023

Multiple security flaws uncovered in Sonos One wireless speakers could potentially be exploited to achieve information disclosure and remote code execution, the Zero Day Initiative (ZDI) said in a report published last week.

The vulnerabilities were demonstrated by three different teams from Qrious Secure, STAR Labs, and DEVCORE at the Pwn2Own hacking contest held in Toronto late last year, netting them $105,000 in monetary rewards.

The four flaws, which impact Sonos One Speaker 70.3-35220, are listed below:

  • CVE-2023-27352 and CVE-2023-27355 (CVSS scores: 8.8) – Unauthenticated flaws that allow network-adjacent attackers to execute arbitrary code on affected installations.
  • CVE-2023-27353 and CVE-2023-27354 (CVSS score: 6.5) – Unauthenticated flaws that allow network-adjacent attackers to disclose sensitive information on affected installations.

Read More on The Hacker News