← Back

CVE-2024-23929

nvd nist
Published: Jan 31, 2025Modified: Jul 1, 2025

JSON object

Loading...
7.3
Vector
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Exploitability: 2.1 / Impact: 5.2
Source: ics-cert@hq.dhs.gov (Secondary)

Description

This vulnerability allows network-adjacent attackers to create arbitrary files on affected installations of Pioneer DMH-WT7600NEX devices. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the telematics functionality. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root.

Affected (1)

Pioneer
1 product
Dmh Wt7600nex Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Dmh Wt7600nex Firmware
All versions
Running on/withPlatform Versions
Pioneer
Dmh Wt7600nex
All versions

Related CWEs

CWE-863
Incorrect Authorization
The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References (2)

Source: ics-cert@hq.dhs.gov
Source: ics-cert@hq.dhs.gov
Third Party Advisory

Timeline

No history available yet.