An issue was discovered in the Bose SoundTouch app 18.1.4 for iOS. There is no frontend input validation of the device name. A malicious device name can execute JavaScript on the registered Bose User Account if a speaker has been connected to the app.
Max CVSS: 6.1
EPSS Score: 0.37%
Published: 2019-03-21
Updated: 2019-03-21
Bose SoundTouch devices allow remote attackers to achieve remote control via a crafted web site that uses the WebSocket Protocol.
Max CVSS: 8.8
EPSS Score: 0.52%
Published: 2018-03-24
Updated: 2019-10-03
Bose SoundTouch devices allow XSS via a crafted public playlist from Spotify.
Max CVSS: 5.4
EPSS Score: 0.05%
Published: 2018-03-24
Updated: 2018-04-19
Bose SoundTouch devices allow XSS via crafted song data from a music service, as demonstrated by Pandora.
Max CVSS: 5.4
EPSS Score: 0.06%
Published: 2018-03-24
Updated: 2018-04-19
The Multicast DNS (mDNS) responder used in BOSE SoundTouch 30 inadvertently responds to IPv4 unicast queries with source addresses that are not link-local, which allows remote attackers to cause a denial of service (traffic amplification) or obtain potentially sensitive information via port-5353 UDP packets.
Max CVSS: 9.1
EPSS Score: 0.37%
Published: 2017-05-01
Updated: 2017-05-16
5 vulnerabilities found