Software Vulnerability on STR-DA5700ES and STR-DA3700ES Multi Channel AV Receivers
Cliquez ici pour la version française (Click here for French version).
Update - June 2013
A free firmware upgrade is available that resolves the vulnerability described below. For details please see the STR-DA5700ES/DA3700ES AV Receiver Firmware Upgrade page.
Thank you for using Sony products.
The Computer Emergency Response Team Coordination Center (CERT/CC) announced that there is a buffer overload vulnerability in the open source software for UPnP functions. Upon verifying Sony products, we discovered that this applies to the STR-DA5700ES and STR-DA3700ES Multi Channel AV Receivers equipped with network functionality.
The announcement from the CERT/CC can be viewed at http://www.kb.cert.org/vuls/id/922681.
Sony has confirmed that even if a malicious third party infiltrates the home network and gains control of the product, the vulnerability will not result in damage to the product. Menu operations may be rendered temporarily unavailable, however. You can continue using the product as usual until the firmware has been upgraded.
We apologize for any inconvenience or trouble this may cause users, and we ask for your cooperation and understanding.
Product Repair
Repair information and service assistance
Contact Support
Product support & customer relations
Register a Product
Keep track of all your products in one location
Parts & Accessories
Product information and sales assistance
Community
A place where you can find solutions and ask questions
Support by Sony (Mobile App)
Get Support Content on the Go!
