MEDIUM🇵🇱 Wersja polska

CVE-2024-23928

CVSS 6.5v3.1pub. 2025-01-31upd. 2025-07-09

This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of Pioneer DMH-WT7600NEX devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the telematics functionality, which operates over HTTPS. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root.

CVSS Vector
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
  • Pioneer Dmh Wt7600nex

    HW
    Pioneer
    wszystkie wersje
  • Pioneer Dmh Wt7600nex Firmware

    OS
    Pioneer
    wszystkie wersje
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2025-5834HIGH7.8ten sam produkt

Pioneer DMH-WT7600NEX Missing Immutable Root of Trust in Hardware Local Privilege Escalation Vulnerability. Th...

CVE-2024-23929HIGH7.3ten sam produkt

This vulnerability allows network-adjacent attackers to create arbitrary files on affected installations of Pi...

CVE-2025-5832MEDIUM6.8ten sam produkt

Pioneer DMH-WT7600NEX Software Update Signing Insufficient Verification of Data Authenticity Vulnerability. Th...

CVE-2025-5833MEDIUM6.8ten sam produkt

Pioneer DMH-WT7600NEX Root Filesystem Insufficient Verification of Data Authenticity Vulnerability. This vulne...

CVE-2024-23930MEDIUM4.3ten sam produkt

This vulnerability allows network-adjacent attackers to create a denial-of-service condition on affected insta...