Soundtouch 30
by Bose
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-6520 | | Cri | 0.59 | 9.1 | 0.02 | | May 1, 2017 | The Multicast DNS (mDNS) responder used in BOSE Soundtouch 30 inadvertently responds to IPv4 unicast queries with source addresses that are not link-local, which allows remote attackers to cause a denial of service (traffic amplification) or obtain potentially sensitive… |
| CVE-2017-17751 | | Hig | 0.57 | 8.8 | 0.01 | | Mar 24, 2018 | Bose SoundTouch devices allow remote attackers to achieve remote control via a crafted web site that uses the WebSocket Protocol. |
| CVE-2018-12638 | | Med | 0.40 | 6.1 | 0.01 | | Mar 21, 2019 | An issue was discovered in the Bose Soundtouch app 18.1.4 for iOS. There is no frontend input validation of the device name. A malicious device name can execute JavaScript on the registered Bose User Account if a speaker has been connected to the app. |
| CVE-2017-17750 | | Med | 0.35 | 5.4 | 0.01 | | Mar 24, 2018 | Bose SoundTouch devices allow XSS via a crafted public playlist from Spotify. |
| CVE-2017-17749 | | Med | 0.35 | 5.4 | 0.01 | | Mar 24, 2018 | Bose SoundTouch devices allow XSS via crafted song data from a music service, as demonstrated by Pandora. |