ZDI-26-192: Sonos Era 300 SMB Response Out-Of-Bounds Access Remote Code Execution Vulnerability

Kurzinfo

Veroeffentlicht: 2026-03-16 05:00 UTC Importiert: 2026-05-14 23:39 UTC CVSS: 10.0 Quelle-ID: zdi_pub uid_hash: bfe23e061b818d787cc9b58ed1abd0846d89382618c693022b4e1a58e39c2c65

Zero Day Initiative (Published)

Inhalt

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sonos Era 300. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 10.0. The following CVEs are assigned: CVE-2026-4149.

Verknuepfte CVEs

CVE-ID	Severity (CVE.org)	CVSS (CVE.org)	EPSS	EPSS-%	Veroeffentlicht (CVE.org)
CVE-2026-4149	CRITICAL	10.0	-	-	2026-04-11

Quellen-Details

Bezeichnung	Name	Kategorie	Tags	Zielgruppe	Sprache	Feed-URL
Zero Day Initiative (Published)	zdi_pub	threat_intel		-	de	https://www.zerodayinitiative.com/rss/published/

Zurueck zur Eintrags-Liste