Recently, multiple security flaws were discovered in Sonos One wireless speakers. The Zero Day Initiative reported that these vulnerabilities could be exploited to gain access to sensitive information and execute remote code. Three teams from Qrious Secure, STAR Labs, and DEVCORE showcased these flaws at the Pwn2Own hacking contest held in Toronto last year and were rewarded with $105,000.

The flaws are designated as CVE-2023-27352, CVE-2023-27355, CVE-2023-27353, and CVE-2023-27354. CVE-2023-27352 and CVE-2023-27355 have a CVSS score of 8.8 and allow network-adjacent attackers to execute arbitrary code on the affected installation. CVE-2023-27353 and CVE-2023-27354 have a CVSS score of 6.5 and allow attackers to access sensitive information. CVE-2023-27352 is caused by an issue when processing SMB directory query commands, and CVE-2023-27355 is caused by a problem with the MPEG-TS parser. An attacker could use these flaws to gain access to the system as a root user and execute code with elevated privileges.

Sonos addressed these issues with the release of the Sonos S2 and S1 software versions 15.1 and 11.7.1, respectively. To protect against these risks, users should update to the latest patch.
Source: Hackernews