CVE-2020-9285

Exploit

EPSS 0.1%
Veröffentlicht 20.10.2022 17:15:09
Zuletzt bearbeitet 08.05.2025 18:15:40
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Some versions of Sonos One (1st and 2nd generation) allow partial or full memory access via attacker controlled hardware that can be attached to the Mini-PCI Express slot on the motherboard that hosts the WiFi card on the device.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Sonos ≫ One Firmware Version-

Sonos ≫ One Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.1%	0.289

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.8	0.9	5.9	CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0	6.8	0.9	5.9	CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-1191 On-Chip Debug and Test Interface With Improper Access Control

The chip does not implement or does not correctly perform access control to check whether users are authorized to access internal registers and test modes through the physical debug/test interface.

https://tnpitsecurity.com/blog/gaining-root-on-sonos-speakers/

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2020-9285

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-9285

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-9285

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2020-9285