Brannon Dorsey

**Name of the Vulnerable Software and Affected Versions** Roku and Roku TV products (affected versions not specified) **Description** The issue allows unauthorized access to the device via a DNS Rebind attack, potentially resulting in remote device control and the exfiltration of privileged device and network information by an attacker. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Sonos wireless speaker products (affected versions not specified) **Description** The issue allows unauthorized access to the device via a DNS rebinding attack on the UPnP HTTP server. This can lead to remote device control and the exfiltration of privileged device and network information by an attacker. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Google Home and Chromecast devices (affected versions not specified, but versions before mid-July 2018 are impacted) **Description** The issue concerns a lack of protection against DNS rebinding attacks in the API service of the affected devices. This allows remote attackers to determine the physical location of most web browsers by leveraging the presence of one of these devices on its local network. Attackers can extract the `scan results` JSON data, specifically the `bssid` fields, and send these fields in a "geolocation/v1/geolocate" Google Maps Geolocation API request to obtain location information. **Recommendations** For Google Home and Chromecast devices before mid-July 2018, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Radio Thermostat CT50 and CT80 versions 1.04.84 and below **Description** The issue allows unauthorized access to the Local HTTP API via a DNS rebinding attack, potentially enabling remote control of device temperature. This could be exploited to alter a home's target temperature, as demonstrated by sending a `t heat` request to a device. **Recommendations** For Radio Thermostat CT50 and CT80 versions 1.04.84 and below, consider restricting access to the Local HTTP API to minimize the risk of exploitation. Avoid using the `tstat` API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.