Skip to main content

Public advisory of scammers impersonating CSA and the SPF

Stay vigilant. Read the public advisory

Cyber Security Agency of Singapore
  1. Home
  2. Alerts & Advisories
  3. Alerts
  4. Critical Vulnerability in Sonos Smart Speakers
Alerts

Critical Vulnerability in Sonos Smart Speakers

13 August 2024

Sonos has released security updates addressing a critical vulnerability (CVE-2023-50809) in their Sonos Smart Speakers. The vulnerability has a Common Vulnerability Scoring System (CVSSv3) score of 9.8 out of 10.

Successful exploitation of the vulnerability may allow a remote attacker to execute arbitrary code on the vulnerable device and in doing so, take control of the device, covertly record audio, and then exfiltrate it to the attacker’s server.

The vulnerability affects the following product versions:

• Sonos S1 versions up to and including 11.12

• Sonos S2 versions up to and including 15.9

Users and administrators of affected product versions are advised to update to the latest version immediately. 

More information is available here:

https://www.sonos.com/en-gb/security-advisory-2024-0001

https://www.tenable.com/cve/CVE-2023-50809

https://www.securityweek.com/vulnerability-allowed-eavesdropping-via-sonos-smart-speakers/?utm_source=tldrinfosec

Back to top