Software Vulnerability on STR-DA5700ES and STR-DA3700ES Multi Channel AV Receivers
Cliquez ici pour la version française (Click here for French version).
Update - June 2013
A free firmware upgrade is available that resolves the vulnerability described below. For details please see the STR-DA5700ES/DA3700ES AV Receiver Firmware Upgrade page.
Thank you for using Sony products.
The Computer Emergency Response Team Coordination Center (CERT/CC) announced that there is a buffer overload vulnerability in the open source software for UPnP functions. Upon verifying Sony products, we discovered that this applies to the STR-DA5700ES and STR-DA3700ES Multi Channel AV Receivers equipped with network functionality.
The announcement from the CERT/CC can be viewed at http://www.kb.cert.org/vuls/id/922681.
Sony has confirmed that even if a malicious third party infiltrates the home network and gains control of the product, the vulnerability will not result in damage to the product. Menu operations may be rendered temporarily unavailable, however. You can continue using the product as usual until the firmware has been upgraded.
We apologize for any inconvenience or trouble this may cause users, and we ask for your cooperation and understanding.