← Back

CVE-2024-23922

nvd nist
Published: Sep 23, 2024Modified: Sep 30, 2024

JSON object

Loading...
6.8
Vector
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 0.9 / Impact: 5.9
Source: NVD

Description

Sony XAV-AX5500 Insufficient Firmware Update Validation Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Sony XAV-AX5500 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of software updates. The issue results from the lack of proper validation of software update packages. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-22939

Affected (1)

Sony
1 product
Xav Ax5500 Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Xav Ax5500 Firmware
Version 1.13
Running on/withPlatform Versions
Sony
Xav Ax5500
All versions

Related CWEs

CWE-345
Insufficient Verification of Data Authenticity
The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.

References (2)

Source: cve@asrg.io
Patch
Source: cve@asrg.io
Third Party AdvisoryVDB Entry

Timeline

No history available yet.