HIGH🇬🇧 English

CVE-2025-5834

CVSS 7.8v3.1pub. 2025-06-25upd. 2025-07-08

Pioneer DMH-WT7600NEX Missing Immutable Root of Trust in Hardware Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to bypass authentication on affected installations of Pioneer DMH-WT7600NEX devices. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the configuration of the application system-on-chip (SoC). The issue results from the lack of a properly configured hardware root of trust. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the boot process. Was ZDI-CAN-26078.

oryginał EN
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Pioneer Dmh Wt7600nex

    HW
    Pioneer
    wszystkie wersje
  • Pioneer Dmh Wt7600nex Firmware

    OS
    Pioneer
    3.05
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
RCEAuth BypassLPE
CWE
Referencje

Powiązane podatności

CVE-2024-23929HIGH7.3ten sam produkt

This vulnerability allows network-adjacent attackers to create arbitrary files on affected installations of Pi...

CVE-2025-5832MEDIUM6.8ten sam produkt

Pioneer DMH-WT7600NEX Software Update Signing Insufficient Verification of Data Authenticity Vulnerability. Th...

CVE-2025-5833MEDIUM6.8ten sam produkt

Pioneer DMH-WT7600NEX Root Filesystem Insufficient Verification of Data Authenticity Vulnerability. This vulne...

CVE-2024-23928MEDIUM6.5ten sam produkt

This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on ...

CVE-2024-23930MEDIUM4.3ten sam produkt

This vulnerability allows network-adjacent attackers to create a denial-of-service condition on affected insta...