Sonos Firmware
Approved changes feed: RSS · Atom
cpe:2.3:o:sonos:sonos_firmware:-:*:*:*:*:*:*:*
part: o version: - update: *
| Vendor | Sonos (685998d9-c733-512c-b98d-66fad0e058df) |
|---|---|
| Product | Sonos Firmware (0fbe5376-88c9-565b-a2fa-dcdb6c23cb1b) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2023-50810 |
vulnerable | 2026-06-08 06:16:16.783379 |
Details available
In certain Sonos products before Sonos S1 Release 11.12 and S2 release 15.9, a vulnerability exists in the U-Boot component of the firmware that allow persistent arbitrary code execution with Linux kernel privileges. A failure to correctly handle the return value of the setenv command can be used to override the kernel command-line parameters and ultimately bypass the Secure Boot implementation. This affects PLAY5 gen 2, PLAYBASE, PLAY:1, One, One SL, and Amp.
Published: 2024-08-09T00:00:00.000Z
Updated: 2024-08-23T15:01:15.550Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-11316 |
vulnerable | 2026-06-08 05:10:38.345425 |
Details available
The UPnP HTTP server on Sonos wireless speaker products allow unauthorized access via a DNS rebinding attack. This can result in remote device control and privileged device and network information to be exfiltrated by an attacker.
Published: 2018-07-03T16:00:00.000Z
Updated: 2024-08-05T08:01:52.822Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.