10.0
Sonos Era 300: Remote Attackers Can Execute Code on Your Device
CVE-2026-4149
Summary
A bug in the Sonos Era 300's handling of network requests allows hackers to execute code on your device without needing a password. This could allow them to access or manipulate your device's settings, music, or other sensitive information. Update your Sonos Era 300 to the latest available version to fix this issue.
Original title
Sonos Era 300 SMB Response Out-Of-Bounds Access Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sonos Era 300....
Original description
Sonos Era 300 SMB Response Out-Of-Bounds Access Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sonos Era 300. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the handling of the DataOffset field within SMB responses. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the kernel. Was ZDI-CAN-28345.
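The missing validation described above, shown as an added example; this is not Sonos code and does not come from the advisory. The advisory does not name the SMB dialect or response type, so the code assumes the SMB2 READ response layout from MS-SMB2 (64-byte header, DataOffset counted from the start of the header), and the helper name `smb2_read_rsp_payload` is hypothetical.

```c
#include <stddef.h>
#include <stdint.h>

#define SMB2_HDR_LEN        64u  /* fixed SMB2 header (assumed layout) */
#define SMB2_READ_RSP_FIXED 16u  /* READ response body before Buffer */

static uint16_t le16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t le32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Hypothetical helper: locate the payload of an SMB2 READ response.
 * msg/msg_len describe the bytes actually received, starting at the
 * SMB2 header. Returns 0 and sets *data / *data_len on success, -1 if
 * the server-controlled fields do not fit inside the received buffer. */
int smb2_read_rsp_payload(const uint8_t *msg, size_t msg_len,
                          const uint8_t **data, uint32_t *data_len)
{
    const size_t min_len = SMB2_HDR_LEN + SMB2_READ_RSP_FIXED;

    if (msg == NULL || msg_len < min_len)
        return -1;                        /* truncated response */

    const uint8_t *body = msg + SMB2_HDR_LEN;
    if (le16(body) != 17)                 /* StructureSize of READ response */
        return -1;

    size_t   off = body[2];               /* DataOffset, from header start */
    uint32_t len = le32(body + 4);        /* DataLength */

    if (len == 0) {                       /* no payload: never use the offset */
        *data = NULL;
        *data_len = 0;
        return 0;
    }
    if (off < min_len)                    /* would alias header or fixed body */
        return -1;
    if (off > msg_len || len > msg_len - off)
        return -1;                        /* subtract; off + len could wrap */

    *data = msg + off;
    *data_len = len;
    return 0;
}
```

The length comparison is written as a subtraction from the received size so that a large attacker-chosen DataLength cannot wrap the sum and pass the check.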
NVD CVSS 3.0
10.0
Vulnerability type
CWE-119
Buffer Overflow
Published: 11 Apr 2026 · Updated: 11 Apr 2026 · First seen: 11 Apr 2026