The External Control API in Roku and Roku TV products allow unauthorized access via a DNS Rebind attack. This can result in remote device control and privileged device and network information to be exfiltrated by an attacker.
CVSS Score
9.6
EPSS Score
0.005
Published
2018-07-03