Roku: Security Vulnerabilities
ThroughTek Kalay SDK uses a predictable PSK value in the DTLS session when encountering an unexpected PSK identity
CVSS Score
8.1
EPSS Score
0.004
Published
2024-05-15
A stack-based buffer overflow vulnerability exists in the message parsing functionality of the Roku Indoor Camera SE version 3.0.2.4679 and Wyze Cam v3 version 4.36.11.5859. A specially crafted message can lead to stack-based buffer overflow. An attacker can make authenticated requests to trigger this vulnerability.
CVSS Score
7.2
EPSS Score
0.003
Published
2024-05-15
ThroughTek Kalay SDK does not verify the authenticity of received messages, allowing an attacker to impersonate an authoritative server.
CVSS Score
4.3
EPSS Score
0.002
Published
2024-05-15
Roku devices running RokuOS v9.4.0 build 4200 or earlier that uses a Realtek WiFi chip is vulnerable to Arbitrary file modification.
CVSS Score
5.7
EPSS Score
0.001
Published
2022-04-08
The External Control API in Roku and Roku TV products allow unauthorized access via a DNS Rebind attack. This can result in remote device control and privileged device and network information to be exfiltrated by an attacker.
CVSS Score
9.6
EPSS Score
0.005
Published
2018-07-03