The External Control API in Roku and Roku TV products allow unauthorized access via a DNS Rebind attack. This can result in remote device control and privileged device and network information to be exfiltrated by an attacker.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
roku roku_firmware - |