MidnightBSD

Advisories for roku

CVE-2018-11314 HIGH

The External Control API in Roku and Roku TV products allow unauthorized access via a DNS Rebind attack. This can result in remote device control and privileged device and network information to be exfiltrated by an attacker.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
roku roku_firmware -
CVE-2022-27152 LOW

Roku devices running RokuOS v9.4.0 build 4200 or earlier that uses a Realtek WiFi chip is vulnerable to Arbitrary file modification.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.7 MEDIUM CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N 2.1 3.6

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
roku roku_os *
CVE-2023-6322

A stack-based buffer overflow vulnerability exists in the message parsing functionality of the Roku Indoor Camera SE version 3.0.2.4679 and Wyze Cam v3 version 4.36.11.5859. A specially crafted message can lead to stack-based buffer overflow. An attacker can make authenticated requests to trigger this vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve-requests@bitdefender.com 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
throughtek kalay_platform -
roku indoor_camera_se_firmware 3.0.2.4679
wyze cam_v3_firmware 4.36.11.5859
CVE-2023-6323

ThroughTek Kalay SDK does not verify the authenticity of received messages, allowing an attacker to impersonate an authoritative server.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve-requests@bitdefender.com 4.3 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 2.8 1.4

Products Affected

Vendor Product Version
owletcare cam_2_firmware *
throughtek kalay_platform -
owletcare cam_firmware *
roku indoor_camera_se_firmware 3.0.2.4679
wyze cam_v3_firmware 4.36.11.5859
CVE-2023-6324

ThroughTek Kalay SDK uses a predictable PSK value in the DTLS session when encountering an unexpected PSK identity

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve-requests@bitdefender.com 8.1 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N 2.8 5.2

Products Affected

Vendor Product Version
owletcare cam_2_firmware *
throughtek kalay_platform -
owletcare cam_firmware *
roku indoor_camera_se_firmware 3.0.2.4679
wyze cam_v3_firmware 4.36.11.5859