← Back

Roku

roku

5 CVEs • 14 products

Products (14)

Click to collapse
Toggle
Indoor Camera Se Firmware
indoor_camera_se_firmware
3 CVEs
Roku Firmware
roku_firmware
1 CVE
Roku Os
roku_os
1 CVE
Roku
roku
0 CVEs
Express
express
0 CVEs
Express 4k+
express_4k+
0 CVEs
Roku Tv
roku_tv
0 CVEs
Streambar
streambar
0 CVEs
Streambar Pro
streambar_pro
0 CVEs
Streaming Stick 4k
streaming_stick_4k
0 CVEs
Ultra
ultra
0 CVEs
Wireless Speakers
wireless_speakers
0 CVEs
Wireless Subwoofer
wireless_subwoofer
0 CVEs
Indoor Camera Se
indoor_camera_se
0 CVEs

CVEs (5)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2023-6324
4Owletcare
RokuThroughtek+1 more
5Cam 2 Firmware
Cam FirmwareCam V3 Firmware+2 more
Feb 11, 2025
May 15, 2024
N/A· v4
8.8 HIGH· v3
N/A· v2
ThroughTek Kalay SDK uses a predictable PSK value in the DTLS session when encountering an unexpected PSK identity
CVE-2023-6323
4Owletcare
RokuThroughtek+1 more
5Cam 2 Firmware
Cam FirmwareCam V3 Firmware+2 more
Feb 11, 2025
May 15, 2024
N/A· v4
6.5 MEDIUM· v3
N/A· v2
ThroughTek Kalay SDK does not verify the authenticity of received messages, allowing an attacker to impersonate an authoritative server.
CVE-2023-6322
3Roku
ThroughtekWyze
3Cam V3 Firmware
Indoor Camera Se FirmwareKalay Platform
Feb 11, 2025
May 15, 2024
N/A· v4
8.8 HIGH· v3
N/A· v2
A stack-based buffer overflow vulnerability exists in the message parsing functionality of the Roku Indoor Camera SE version 3.0.2.4679 and Wyze Cam v3 version 4.36.11.5859. A specially crafted message can lead to stack-...Show more
A stack-based buffer overflow vulnerability exists in the message parsing functionality of the Roku Indoor Camera SE version 3.0.2.4679 and Wyze Cam v3 version 4.36.11.5859. A specially crafted message can lead to stack-based buffer overflow. An attacker can make authenticated requests to trigger this vulnerability.Show less
CVE-2022-27152
1Roku
1Roku Os
Nov 21, 2024
Apr 8, 2022
N/A· v4
5.7 MEDIUM· v3
2.7 LOW· v2
Roku devices running RokuOS v9.4.0 build 4200 or earlier that uses a Realtek WiFi chip is vulnerable to Arbitrary file modification.
CVE-2018-11314
1Roku
1Roku Firmware
Nov 21, 2024
Jul 3, 2018
N/A· v4
9.6 CRITICAL· v3
9.3 HIGH· v2
The External Control API in Roku and Roku TV products allow unauthorized access via a DNS Rebind attack. This can result in remote device control and privileged device and network information to be exfiltrated by an atta...Show more
The External Control API in Roku and Roku TV products allow unauthorized access via a DNS Rebind attack. This can result in remote device control and privileged device and network information to be exfiltrated by an attacker.Show less