roku 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
一般的な弱点パターンには vendor risk memory corruption、バッファオーバーフロー, and vendor risk input validation があり、vendor surface software deployment and vendor surface production workloads の利用場面で アプリケーションクラッシュ、vendor impact memory corruption, and vendor impact unexpected behavior などのリスクが生じる可能性があります。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2023-6324 | ThroughTek Kalay SDK uses a predictable PSK value in the DTLS session when encountering an unexpected PSK identity | [email protected] | 8.1 | 0.71% | 2024-05-15 | 2025-02-11 |
| CVE-2023-6323 | ThroughTek Kalay SDK does not verify the authenticity of received messages, allowing an attacker to impersonate an authoritative server. | [email protected] | 4.3 | 0.33% | 2024-05-15 | 2025-02-11 |
| CVE-2023-6322 | A stack-based buffer overflow vulnerability exists in the message parsing functionality of the Roku Indoor Camera SE version 3.0.2.4679 and Wyze Cam v3 version 4.36.11.5859. A specially crafted message can lead to stack-based buffer overflow. An attacker can make authenticated requests to trigger this vulnerability. | [email protected] | 7.2 | 0.77% | 2024-05-15 | 2025-02-11 |
| CVE-2022-27152 | Roku devices running RokuOS v9.4.0 build 4200 or earlier that uses a Realtek WiFi chip is vulnerable to Arbitrary file modification. | [email protected] | 5.7 | 0.30% | 2022-04-08 | 2024-11-21 |
| CVE-2018-11314 | The External Control API in Roku and Roku TV products allow unauthorized access via a DNS Rebind attack. This can result in remote device control and privileged device and network information to be exfiltrated by an attacker. | [email protected] | 9.6 | 1.74% | 2018-07-03 | 2024-11-21 |