HIGH🇵🇱 Wersja polska

CVE-2024-23929

CVSS 7.3v3.1pub. 2025-01-31upd. 2025-07-01

This vulnerability allows network-adjacent attackers to create arbitrary files on affected installations of Pioneer DMH-WT7600NEX devices. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the telematics functionality. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root.

CVSS Vector
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
  • Pioneer Dmh Wt7600nex

    HW
    Pioneer
    wszystkie wersje
  • Pioneer Dmh Wt7600nex Firmware

    OS
    Pioneer
    wszystkie wersje
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2025-5834HIGH7.8ten sam produkt

Pioneer DMH-WT7600NEX Missing Immutable Root of Trust in Hardware Local Privilege Escalation Vulnerability. Th...

CVE-2025-5832MEDIUM6.8ten sam produkt

Pioneer DMH-WT7600NEX Software Update Signing Insufficient Verification of Data Authenticity Vulnerability. Th...

CVE-2025-5833MEDIUM6.8ten sam produkt

Pioneer DMH-WT7600NEX Root Filesystem Insufficient Verification of Data Authenticity Vulnerability. This vulne...

CVE-2024-23928MEDIUM6.5ten sam produkt

This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on ...

CVE-2024-23930MEDIUM4.3ten sam produkt

This vulnerability allows network-adjacent attackers to create a denial-of-service condition on affected insta...