A critical remote code execution vulnerability in the Sonos Era 300 allows unauthenticated attackers to execute arbitrary code at the kernel level.

This is an out-of-bounds memory access vulnerability in the handling of the DataOffset field within SMB responses. The flaw permits unauthenticated remote attackers to execute code in the kernel context.

With a CVSS score of 10.0, this is a critical-severity issue. An attacker could achieve full control over the device, potentially using it as a beachhead for further network exploitation, data interception, or denial-of-service against the local environment.

Immediate Action: Update the Sonos Era 300 firmware to the latest version provided by the manufacturer.

Proactive Monitoring: Monitor network traffic for unusual SMB protocol activity or unauthorized connection attempts targeting Sonos devices.

Compensating Controls: Isolate Sonos devices on a restricted, non-critical VLAN to limit the potential impact of a device-level compromise.

Public Exploit Available: No

Given the kernel-level impact and the potential for device control, immediate firmware updates are essential. Network administrators should ensure these devices are appropriately segmented.