Roku and Roku TV Products Vulnerability: Unauthorized Access and Exfiltration via DNS Rebind Attack

Roku and Roku TV Products Vulnerability: Unauthorized Access and Exfiltration via DNS Rebind Attack

CVE-2018-11314 · HIGH Severity

AV:N/AC:M/AU:N/C:C/I:C/A:C

The External Control API in Roku and Roku TV products allow unauthorized access via a DNS Rebind attack. This can result in remote device control and privileged device and network information to be exfiltrated by an attacker.

Learn more about our Cis Benchmark Audit For Bind.