Vulnerability Description
Some versions of Sonos One (1st and 2nd generation) allow partial or full memory access via attacker-controlled hardware that can be attached to the Mini-PCI Express slot on the motherboard that hosts the WiFi card on the device.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sonos | One Firmware | - |
| Sonos | One | - |
Related Weaknesses (CWE)
References
- https://tnpitsecurity.com/blog/gaining-root-on-sonos-speakers/ (Exploit, Third Party Advisory)
FAQ
What is CVE-2020-9285?
CVE-2020-9285 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Some versions of Sonos One (1st and 2nd generation) allow partial or full memory access via attacker-controlled hardware that can be attached to the Mini-PCI Express slot on the motherboard that hosts...
How severe is CVE-2020-9285?
CVE-2020-9285 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-9285?
Check the references section above for vendor advisories and patch information. Affected products include: Sonos One Firmware, Sonos One.