CVE-2022-27152

Roku devices running RokuOS v9.4.0 build 4200 or earlier that uses a Realtek WiFi chip is vulnerable to Arbitrary file modification.

CVSS v3 5.7 MEDIUM
CVSS v2.0 2.7 LOW

5.7^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.1 / Impact : 3.6

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

2.7^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:A/AC:L/Au:S/C:N/I:P/A:N

Exploitability : 5.1 / Impact : 2.9

Access Vector ADJACENT_NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://github.com/llamasoft/RootMyRoku	Third Party Advisory
https://support.roku.com/article/12554388937879
https://github.com/llamasoft/RootMyRoku	Third Party Advisory
https://support.roku.com/article/12554388937879

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:roku:roku_os:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:roku:express:-:::::::*
	cpe:2.3:h:roku:express_4k\+:-:::::::*
	cpe:2.3:h:roku:roku_tv:-:::::::*
	cpe:2.3:h:roku:streambar:-:::::::*
	cpe:2.3:h:roku:streambar_pro:-:::::::*
	cpe:2.3:h:roku:streaming_stick_4k:-:::::::*
	cpe:2.3:h:roku:streaming_stick_4k\+:-:::::::*
	cpe:2.3:h:roku:ultra:-:::::::*
	cpe:2.3:h:roku:wireless_speakers:-:::::::*
	cpe:2.3:h:roku:wireless_subwoofer:-:::::::*

History

21 Nov 2024, 06:55

Type	Values Removed	Values Added
References	~~() https://github.com/llamasoft/RootMyRoku - Third Party Advisory~~	() https://github.com/llamasoft/RootMyRoku - Third Party Advisory
References	~~() https://support.roku.com/article/12554388937879 -~~	() https://support.roku.com/article/12554388937879 -

15 Apr 2022, 15:02

Type	Values Removed	Values Added
References	~~(MISC) https://github.com/llamasoft/RootMyRoku -~~	(MISC) https://github.com/llamasoft/RootMyRoku - Third Party Advisory
CWE		NVD-CWE-noinfo
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 2.7 v3 : 5.7
CPE		cpe:2.3:h:roku:roku_tv:-:::::::* cpe:2.3:h:roku:express_4k\+:-:::::::* cpe:2.3:h:roku:streambar:-:::::::* cpe:2.3:h:roku:ultra:-:::::::* cpe:2.3:h:roku:wireless_subwoofer:-:::::::* cpe:2.3:h:roku:express:-:::::::* cpe:2.3:h:roku:wireless_speakers:-:::::::* cpe:2.3:h:roku:streaming_stick_4k:-:::::::* cpe:2.3:o:roku:roku_os:::::::: cpe:2.3:h:roku:streambar_pro:-:::::::* cpe:2.3:h:roku:streaming_stick_4k\+:-:::::::*

08 Apr 2022, 19:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-04-08 18:15

Updated : 2024-11-21 06:55

NVD link : CVE-2022-27152

Mitre link : CVE-2022-27152

CVE.ORG link : CVE-2022-27152

JSON object : View

Products Affected

roku

wireless_speakers
wireless_subwoofer
streaming_stick_4k\+
roku_os
express_4k\+
ultra
streaming_stick_4k
roku_tv
streambar_pro
streambar
express

CWE

NVD-CWE-noinfo

5.7 /10

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

2.7 /10

Access Vector ADJACENT_NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

JSON object

Attach tags to CVE-2022-27152

5.7^/10

2.7^/10

Attach tags to `CVE-2022-27152`