WRITEUP #1138

Exploiting The Sonos One Speaker Three Different Ways: A Pwn2Own Toronto Highlight

Tags: RCE, Memory corruption, Out-of-bounds Read
by @thezdi (The ZDI Research Team)
Bounty: 105,000
Program: Sonos
Published: May 25, 2023
Added to HackDex: Jun 5, 2023
Read Full Writeup: https://www.zerodayinitiative.com/blog/2023/5/24/exploiting-the-sonos-one-speaker-three-different-ways-a-pwn2own-toronto-highlight
RELATED WRITEUPS
4 exploits, 1 bug: exploiting cve-2024-20017 4 different ways
Tags: RCE, Buffer Overflow
Vulnerabilities in NodeJS C/C++ add-on extensions
Tags: Other, Memory corruption
Vulnerabilities in Open Source C2 Frameworks
Tags: RCE, OS command injection
[2,500$ Bug Bounty Write-Up] Remote Code Execution (RCE) via unclaimed Node package
Tags: RCE, Dependency confusion
Attacking PowerShell CLIXML Deserialization
Tags: Deserialization, Insecure deserialization
