The Zero Day Initiative (ZDI) has identified multiple security flaws in Sonos One wireless speakers that could potentially lead to information disclosure and remote code execution, according to a recent report. During the Pwn2Own hacking contest, three different teams successfully demonstrated these vulnerabilities, earning a combined reward of $105,000.
The flaws, which impact Sonos One Speaker 70.3-35220, include unauthenticated weaknesses that allow attackers to execute arbitrary code and disclose sensitive information on affected installations. Exploiting these flaws could grant an attacker the ability to execute code with elevated privileges.
Two of the identified vulnerabilities, CVE-2023-27352 and CVE-2023-27355, have a CVSS score of 8.8 and enable network-adjacent attackers to execute arbitrary code. The other two flaws, CVE-2023-27353 and CVE-2023-27354, have a CVSS score of 6.5 and allow network-adjacent attackers to disclose sensitive information.
The first flaw, CVE-2023-27352, occurs during the processing of SMB directory query commands, while CVE-2023-27355 is found within the MPEG-TS parser. Combining the information disclosure flaws with other system vulnerabilities could result in code execution with elevated privileges.
Sonos has addressed these security flaws by releasing software updates as part of Sonos S2 and S1 software versions 15.1 and 11.7.1, respectively.
Users are strongly advised to apply the latest patches to protect their Sonos One wireless speakers and mitigate potential risks associated with information disclosure and remote code execution.
