Aggregates CVE and security vulnerability intelligence across all roku-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Common weakness patterns include vendor risk memory corruption, vendor risk buffer overflow, and vendor risk input validation, with potential vendor impact application crash across vendor surface software deployment use cases.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2023-6324 | ThroughTek Kalay SDK uses a predictable PSK value in the DTLS session when encountering an unexpected PSK identity | [email protected] | 8.1 | 0.71% | 2024-05-15 | 2025-02-11 |
| CVE-2023-6323 | ThroughTek Kalay SDK does not verify the authenticity of received messages, allowing an attacker to impersonate an authoritative server. | [email protected] | 4.3 | 0.33% | 2024-05-15 | 2025-02-11 |
| CVE-2023-6322 | A stack-based buffer overflow vulnerability exists in the message parsing functionality of the Roku Indoor Camera SE version 3.0.2.4679 and Wyze Cam v3 version 4.36.11.5859. A specially crafted message can lead to stack-based buffer overflow. An attacker can make authenticated requests to trigger this vulnerability. | [email protected] | 7.2 | 0.77% | 2024-05-15 | 2025-02-11 |
| CVE-2022-27152 | Roku devices running RokuOS v9.4.0 build 4200 or earlier that uses a Realtek WiFi chip is vulnerable to Arbitrary file modification. | [email protected] | 5.7 | 0.30% | 2022-04-08 | 2024-11-21 |
| CVE-2018-11314 | The External Control API in Roku and Roku TV products allow unauthorized access via a DNS Rebind attack. This can result in remote device control and privileged device and network information to be exfiltrated by an attacker. | [email protected] | 9.6 | 1.74% | 2018-07-03 | 2024-11-21 |