VYPR
Vendor: Sonos

Products: 4
CVEs: 18
Across products: 19
Status: Private

Recent CVEs (18)
  • CVE-2026-4149 | Critical | Apr 11, 2026
    risk 0.64 | cvss 9.8 | epss 0.01

    Sonos Era 300 SMB Response Out-Of-Bounds Access Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sonos Era 300. Authentication is not required to exploit this vulnerability. The specific flaw…

  • CVE-2023-50809 | High | Aug 12, 2024
    risk 0.51 | cvss 7.8 | epss 0.00

    In certain Sonos products before S1 Release 11.12 and S2 release 15.9, the mt_7615.ko wireless driver does not properly validate an information element during negotiation of a WPA2 four-way handshake. This lack of validation leads to a stack buffer overflow. This can result in…

  • CVE-2023-50810 | Medium | Aug 12, 2024
    risk 0.39 | cvss 6.0 | epss 0.01

    In certain Sonos products before Sonos S1 Release 11.12 and S2 release 15.9, a vulnerability exists in the U-Boot component of the firmware that allows persistent arbitrary code execution with Linux kernel privileges. A failure to correctly handle the return value of the setenv…

  • CVE-2022-24049 | Feb 18, 2022
    risk 0.03 | cvss | epss 0.07

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sonos One Speaker prior to 3.4.1 (S2 systems) and 11.2.13 build 57923290 (S1 systems). Authentication is not required to exploit this vulnerability. The specific flaw exists within…

  • CVE-2022-24046 | Feb 18, 2022
    risk 0.01 | cvss | epss 0.04

    This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Sonos One Speaker prior to 3.4.1 (S2 systems) and 11.2.13 build 57923290 (S1 systems). Authentication is not required to exploit this vulnerability. The specific flaw…

  • CVE-2026-55093 | Jun 18, 2026
    risk 0.00 | cvss | epss

    - **Component:** `tract-nnef` (`nnef/src/tensors.rs::read_tensor`) + `tract-data` (`data/src/tensor.rs`)
    - **Affected versions:** `< 0.21.16`, `0.22.0`–`0.22.2`, `0.23.0`–`0.23.1` — the dense `DatLoader` path was unguarded across all three release lines; patched in 0.21.16…

  • CVE-2025-1051 | Jun 2, 2025
    risk 0.00 | cvss | epss 0.00

    Sonos Era 300 Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Sonos Era 300 speakers. Authentication is not required to exploit this vulnerability. The specific flaw…

  • CVE-2025-1050 | Apr 23, 2025
    risk 0.00 | cvss | epss 0.00

    Sonos Era 300 Out-of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Sonos Era 300 speakers. Authentication is not required to exploit this vulnerability. The specific flaw exists…

  • CVE-2025-1049 | Apr 23, 2025
    risk 0.00 | cvss | epss 0.00

    Sonos Era 300 Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Sonos Era 300 speakers. Authentication is not required to exploit this vulnerability. The specific flaw…

  • CVE-2025-1048 | Apr 23, 2025
    risk 0.00 | cvss | epss 0.01

    Sonos Era 300 Speaker libsmb2 Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Sonos Era 300 speakers. Authentication is not required to exploit this vulnerability. …

  • CVE-2024-5269 | Jun 6, 2024
    risk 0.00 | cvss | epss 0.01

    Sonos Era 100 SMB2 Message Handling Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Sonos Era 100 smart speakers. Authentication is not required to exploit this…

  • CVE-2024-5268 | Jun 6, 2024
    risk 0.00 | cvss | epss 0.00

    Sonos Era 100 SMB2 Message Handling Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Sonos Era 100 smart speakers. Authentication is not required to…

  • CVE-2024-5267 | Jun 6, 2024
    risk 0.00 | cvss | epss 0.01

    Sonos Era 100 SMB2 Message Handling Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Sonos Era 100 smart speakers. Authentication is not required to exploit this…

  • CVE-2024-5256 | Jun 6, 2024
    risk 0.00 | cvss | epss 0.00

    Sonos Era 100 SMB2 Message Handling Integer Underflow Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Sonos Era 100 smart speakers. Authentication is not required to exploit…

  • CVE-2023-27353 | Apr 20, 2023
    risk 0.00 | cvss | epss 0.01

    This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Sonos One Speaker 70.3-35220. Authentication is not required to exploit this vulnerability. The specific flaw exists within the msprox endpoint. The issue results…

  • CVE-2023-27354 | Apr 20, 2023
    risk 0.00 | cvss | epss 0.01

    This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Sonos One Speaker 70.3-35220. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of the SMB directory…

  • CVE-2023-27352 | Apr 20, 2023
    risk 0.00 | cvss | epss 0.01

    This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Sonos One Speaker 70.3-35220. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of the SMB directory query…

  • CVE-2023-27355 | Apr 20, 2023
    risk 0.00 | cvss | epss 0.01

    This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Sonos One Speaker 70.3-35220. Authentication is not required to exploit this vulnerability. The specific flaw exists within the MPEG-TS parser. The issue results from the…