Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

bose

Source -

NVD

BOS Name -

N/A

CNA CVEs -

0

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

5
Related CVEsRelated ProductsRelated AssignersReports
5Vulnerabilities found
CVE-2018-12638
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.23% / 46.15%
||
7 Day CHG~0.00%
Published-17 Mar, 2019 | 18:27
Updated-05 Aug, 2024 | 08:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the Bose Soundtouch app 18.1.4 for iOS. There is no frontend input validation of the device name. A malicious device name can execute JavaScript on the registered Bose User Account if a speaker has been connected to the app.

Action-Not Available
Vendor-bosen/a
Product-soundtouchn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-17749
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.21% / 42.98%
||
7 Day CHG~0.00%
Published-24 Mar, 2018 | 18:00
Updated-05 Aug, 2024 | 20:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Bose SoundTouch devices allow XSS via crafted song data from a music service, as demonstrated by Pandora.

Action-Not Available
Vendor-bosen/a
Product-soundtouchn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-17750
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.29% / 51.80%
||
7 Day CHG~0.00%
Published-24 Mar, 2018 | 18:00
Updated-05 Aug, 2024 | 20:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Bose SoundTouch devices allow XSS via a crafted public playlist from Spotify.

Action-Not Available
Vendor-bosen/a
Product-soundtouchn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-17751
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.56% / 67.35%
||
7 Day CHG~0.00%
Published-24 Mar, 2018 | 18:00
Updated-05 Aug, 2024 | 20:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Bose SoundTouch devices allows remote attackers to achieve remote control via a crafted web site that uses the WebSocket Protocol.

Action-Not Available
Vendor-bosen/a
Product-soundtouchn/a
CVE-2017-6520
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-9.1||CRITICAL
EPSS-0.81% / 73.20%
||
7 Day CHG~0.00%
Published-01 May, 2017 | 01:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Multicast DNS (mDNS) responder used in BOSE Soundtouch 30 inadvertently responds to IPv4 unicast queries with source addresses that are not link-local, which allows remote attackers to cause a denial of service (traffic amplification) or obtain potentially sensitive information via port-5353 UDP packets.

Action-Not Available
Vendor-bosen/a
Product-soundtouch_30n/a