← Back

CVE-2025-8653

nvd nist
Published: Aug 6, 2025Modified: Aug 7, 2025

JSON object

Loading...
8.8
Vector
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: zdi-disclosures@trendmicro.com (Secondary)

Description

Kenwood DMX958XR JKRadioService Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Kenwood DMX958XR. Authentication is not required to exploit this vulnerability. The specific flaw exists within the JKRadioService. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-26312.

Affected (1)

Jvckenwood
1 product
Dmx958xr Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Dmx958xr Firmware
Version 1.0.0509.3100
Running on/withPlatform Versions
Jvckenwood
Dmx958xr
All versions

Related CWEs

CWE-121
Stack-based Buffer Overflow
A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

References (1)

Source: zdi-disclosures@trendmicro.com
Third Party Advisory

Timeline

No history available yet.