Skip to main content

Chromecast Firmware

5 CVEs product

Monthly

CVE-2023-6181 CRITICAL Act Now

An oversight in BCB handling of reboot reason that allows for persistent code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Chromecast Firmware
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2023-48425 CRITICAL Act Now

U-Boot vulnerability resulting in persistent Code Execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Chromecast Firmware
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2023-48424 CRITICAL Act Now

U-Boot shell vulnerability resulting in Privilege escalation in a production device. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Chromecast Firmware
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2023-48417 CRITICAL Act Now

Missing Permission checks resulting in unauthorized access and Manipulation in KeyChainActivity Application. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Chromecast Firmware
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2018-12716 MEDIUM This Month

The API service on Google Home and Chromecast devices before mid-July 2018 does not prevent DNS rebinding attacks from reading the scan_results JSON data, which allows remote attackers to determine. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chromecast Firmware Home Firmware
NVD
CVSS 3.0
4.3
EPSS
0.7%
EPSS 0% CVSS 9.8
CRITICAL Act Now

An oversight in BCB handling of reboot reason that allows for persistent code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Chromecast Firmware
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

U-Boot vulnerability resulting in persistent Code Execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Chromecast Firmware
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

U-Boot shell vulnerability resulting in Privilege escalation in a production device. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Chromecast Firmware
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Missing Permission checks resulting in unauthorized access and Manipulation in KeyChainActivity Application. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Chromecast Firmware
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

The API service on Google Home and Chromecast devices before mid-July 2018 does not prevent DNS rebinding attacks from reading the scan_results JSON data, which allows remote attackers to determine. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chromecast Firmware +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy