Critical Security Flaws Reported in Sonos One Speakers

The Zero Day Initiative (ZDI) has reported that multiple security vulnerabilities have been discovered in Sonos One wireless speakers, which could potentially lead to information disclosure and remote code execution.

 The four identified flaws, impacting Sonos One Speaker 70.3-35220, include:

• two unauthenticated vulnerabilities (CVE-2023-27352 and CVE-2023-27355) that allow network-adjacent attackers to execute arbitrary code,
• two other unauthenticated vulnerabilities (CVE-2023-27353 and CVE-2023-27354) that enable attackers to disclose sensitive information.

Sonos has addressed these flaws in their S2 and S1 software versions 15.1 and 11.7.1 respectively, and users are advised to apply the latest patches to mitigate potential risks.