Details of VAR-201807-1344

ID

VAR-201807-1344

CVE

CVE-2018-11316

TITLE

Sonos wireless speaker Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-008038

DESCRIPTION

The UPnP HTTP server on Sonos wireless speaker products allow unauthorized access via a DNS rebinding attack. This can result in remote device control and privileged device and network information to be exfiltrated by an attacker. Sonos wireless speaker Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Sonos wireless speaker is a wireless speaker device of Sonos company in the United States. UPnP HTTP Server is one of the HTTP servers

Trust: 1.8

sources: NVD: CVE-2018-11316 // JVNDB: JVNDB-2018-008038 // VULHUB: VHN-121163 // VULMON: CVE-2018-11316

IOT TAXONOMY

category:

['wearable device']

sub_category:

smart speaker

Trust: 0.1

sources: OTHER: None

AFFECTED PRODUCTS

vendor:	sonos	model:	sonos	scope:	eq	version:	-	Trust: 1.6
vendor:	sonos	model:	sonos	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2018-008038 // CNNVD: CNNVD-201807-140 // NVD: CVE-2018-11316

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-11316
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2018-11316
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-201807-140
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-121163
value:	HIGH
Trust: 0.1
VULMON:	CVE-2018-11316
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2018-11316
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-121163
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-11316
baseSeverity:	CRITICAL
baseScore:	9.6
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	6.0
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-121163 // VULMON: CVE-2018-11316 // JVNDB: JVNDB-2018-008038 // CNNVD: CNNVD-201807-140 // NVD: CVE-2018-11316

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-121163 // JVNDB: JVNDB-2018-008038 // NVD: CVE-2018-11316

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201807-140

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201807-140

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-008038

PATCH

title:	Sonos	url:	https://www.sonos.com/ja-jp/home	Trust: 0.8
title:	cve	url:	https://github.com/brannondorsey/cve	Trust: 0.1
title:	Threatpost	url:	https://threatpost.com/roku-tv-sonos-speaker-devices-open-to-takeover/133005/	Trust: 0.1
title:	BleepingComputer	url:	https://www.bleepingcomputer.com/news/security/google-roku-sonos-to-fix-dns-rebinding-attack-vector/	Trust: 0.1

sources: VULMON: CVE-2018-11316 // JVNDB: JVNDB-2018-008038

EXTERNAL IDS

db:	NVD	id:	CVE-2018-11316	Trust: 2.7
db:	JVNDB	id:	JVNDB-2018-008038	Trust: 0.8
db:	CNNVD	id:	CNNVD-201807-140	Trust: 0.7
db:	OTHER	id:	NONE	Trust: 0.1
db:	VULHUB	id:	VHN-121163	Trust: 0.1
db:	VULMON	id:	CVE-2018-11316	Trust: 0.1

sources: OTHER: None // VULHUB: VHN-121163 // VULMON: CVE-2018-11316 // JVNDB: JVNDB-2018-008038 // CNNVD: CNNVD-201807-140 // NVD: CVE-2018-11316

REFERENCES

url:	https://www.wired.com/story/chromecast-roku-sonos-dns-rebinding-vulnerability	Trust: 1.8
url:	https://medium.com/@brannondorsey/attacking-private-networks-from-the-internet-with-dns-rebinding-ea7098a2d325	Trust: 1.6
url:	https://medium.com/%40brannondorsey/attacking-private-networks-from-the-internet-with-dns-rebinding-ea7098a2d325	Trust: 1.0
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-11316	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-11316	Trust: 0.8
url:	https://ieeexplore.ieee.org/abstract/document/10769424	Trust: 0.1
url:	https://cwe.mitre.org/data/definitions/20.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://threatpost.com/roku-tv-sonos-speaker-devices-open-to-takeover/133005/	Trust: 0.1

sources: OTHER: None // VULHUB: VHN-121163 // VULMON: CVE-2018-11316 // JVNDB: JVNDB-2018-008038 // CNNVD: CNNVD-201807-140 // NVD: CVE-2018-11316

SOURCES

db:	OTHER	id:	-
db:	VULHUB	id:	VHN-121163
db:	VULMON	id:	CVE-2018-11316
db:	JVNDB	id:	JVNDB-2018-008038
db:	CNNVD	id:	CNNVD-201807-140
db:	NVD	id:	CVE-2018-11316

LAST UPDATE DATE

2025-01-30T22:25:43.654000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-121163	date:	2018-09-11T00:00:00
db:	VULMON	id:	CVE-2018-11316	date:	2018-09-11T00:00:00
db:	JVNDB	id:	JVNDB-2018-008038	date:	2018-10-05T00:00:00
db:	CNNVD	id:	CNNVD-201807-140	date:	2018-07-04T00:00:00
db:	NVD	id:	CVE-2018-11316	date:	2024-11-21T03:43:07.307

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-121163	date:	2018-07-03T00:00:00
db:	VULMON	id:	CVE-2018-11316	date:	2018-07-03T00:00:00
db:	JVNDB	id:	JVNDB-2018-008038	date:	2018-10-05T00:00:00
db:	CNNVD	id:	CNNVD-201807-140	date:	2018-07-04T00:00:00
db:	NVD	id:	CVE-2018-11316	date:	2018-07-03T16:29:00.273