CVE-2026-4149
Received Received - Intake
Out-of-Bounds Access in Sonos Era 300 SMB Enables RCE

Publication date: 2026-04-11

Last updated on: 2026-04-15

Assigner: Zero Day Initiative

Description
Sonos Era 300 SMB Response Out-Of-Bounds Access Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sonos Era 300. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the DataOffset field within SMB responses. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the kernel. Was ZDI-CAN-28345.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-11
Last Modified
2026-04-15
Generated
2026-05-07
AI Q&A
2026-04-11
EPSS Evaluated
2026-05-05
NVD
CVE-2026-4149
EUVD
EUVD-2026-21627
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
sonos era_300_firmware to 83.1-61240 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-119 The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2026-4149 is a critical remote code execution vulnerability affecting the Sonos Era 300 device. It arises from improper validation of the DataOffset field within SMB (Server Message Block) responses, which leads to out-of-bounds memory access beyond an allocated buffer.

This flaw allows unauthenticated remote attackers to execute arbitrary code with kernel-level privileges on affected devices.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:

The provided information does not specify how this vulnerability impacts compliance with common standards and regulations such as GDPR or HIPAA.


How can this vulnerability impact me? :

This vulnerability can have severe impacts as it allows remote attackers to execute arbitrary code on the Sonos Era 300 device without any authentication.

Since the code execution occurs with kernel-level privileges, an attacker could fully compromise the device, potentially leading to unauthorized control, data theft, or disruption of device functionality.


What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, you should update your Sonos Era 300 device to the fixed system update version 83.1-61240, which addresses the issue.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart