all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Technical Advisory: Sonos Era 100 Secure Boot Bypass Through Unchecked setenv() call

Add to bookmarks
Dec. 4, 2023, 10:26 a.m. | Alex Plaskett

NCC Group Research Blog research.nccgroup.com

Vendor: Sonos Vendor URL: https://www.sonos.com/ Versions affected: * Confirmed 73.0-42060 Systems Affected: Sonos Era 100 Author: Ilya Zhuravlev Advisory URL: Not provided by Sonos. Sonos state an update was released on 2023-11-15 which remediated the issue. CVE Identifier: N/A Risk: High Summary Sonos Era 100 is a smart speaker released in 2023. A vulnerability exists […]

hardware & embedded systems technical advisories vulnerability research

Visit resource

More from research.nccgroup.com / NCC Group Research Blog

Why AI Will Not Fully Replace Humans for Web Penetration Testing 1 day, 14 hours ago | research.nccgroup.com
advancements ai-powered artificial artificial intelligence +27
Integrating DigitalOcean into ScoutSuite 5 days, 20 hours ago | research.nccgroup.com
addition apac april auditing +15
Cranim: A Toolkit for Cryptographic Visualization 1 week, 1 day ago | research.nccgroup.com
block cbc cipher code +17
Announcing the Cryptopals Guided Tour Video 17: Padding Oracles! 1 week, 1 day ago | research.nccgroup.com
cryptography study guide tutorial
Ghidra nanoMIPS ISA module 3 weeks, 4 days ago | research.nccgroup.com
architecture aware baseband embedded +21
Sifting through the spines: identifying (potential) Cactus ransomware victims 1 month, 1 week ago | research.nccgroup.com
access blog cactus cactus ransomware +17
Public Report – Confidential Mode for Hyperdisk – DEK Protection Analysis 1 month, 2 weeks ago | research.nccgroup.com
analysis architecture confidential data +19
Non-Deterministic Nature of Prompt Injection 1 month, 2 weeks ago | research.nccgroup.com
attack easy explained exploiting +10
Technical Advisory – Ollama DNS Rebinding Attack (CVE-2024-28224) 1 month, 3 weeks ago | research.nccgroup.com
access advisory api attack +24

Jobs in InfoSec / Cybersecurity

Post a Job Search Talent

CyberSOC Technical Lead

@ Integrity360 | Sandyford, Dublin, Ireland
View on infosec-jobs.com

Cyber Security Strategy Consultant

@ Capco | New York City
View on infosec-jobs.com

Cyber Security Senior Consultant

@ Capco | Chicago, IL
View on infosec-jobs.com

Sr. Product Manager

@ MixMode | Remote, US
View on infosec-jobs.com

Corporate Intern - Information Security (Year Round)

@ Associated Bank | US WI Remote
View on infosec-jobs.com

Senior Offensive Security Engineer

@ CoStar Group | US-DC Washington, DC
View on infosec-jobs.com