Vulnerabilites related to Pioneer - DMH-WT7600NEX
Vulnerability from fkie_nvd
Published
2025-06-25 18:15
Modified
2025-07-08 14:52
Severity ?
Summary
Pioneer DMH-WT7600NEX Root Filesystem Insufficient Verification of Data Authenticity Vulnerability. This vulnerability allows physically present attackers to bypass authentication on affected installations of Pioneer DMH-WT7600NEX devices. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the configuration of the operating system. The issue results from the lack of properly configured protection for the root file system. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-26077.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| zdi-disclosures@trendmicro.com | https://www.zerodayinitiative.com/advisories/ZDI-25-350/ | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| pioneer | dmh-wt7600nex_firmware | 3.05 | |
| pioneer | dmh-wt7600nex | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:pioneer:dmh-wt7600nex_firmware:3.05:*:*:*:*:*:*:*",
"matchCriteriaId": "AE9170F1-CDF6-49D5-9501-A3DA09D419CB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:pioneer:dmh-wt7600nex:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E9082E28-D451-488C-A621-4A174B887EB3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Pioneer DMH-WT7600NEX Root Filesystem Insufficient Verification of Data Authenticity Vulnerability. This vulnerability allows physically present attackers to bypass authentication on affected installations of Pioneer DMH-WT7600NEX devices. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the configuration of the operating system. The issue results from the lack of properly configured protection for the root file system. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-26077."
},
{
"lang": "es",
"value": "Vulnerabilidad de verificaci\u00f3n insuficiente de la autenticidad de datos en el sistema de archivos ra\u00edz del Pioneer DMH-WT7600NEX. Esta vulnerabilidad permite a atacantes presentes f\u00edsicamente eludir la autenticaci\u00f3n en las instalaciones afectadas de los dispositivos Pioneer DMH-WT7600NEX. No se requiere autenticaci\u00f3n para explotar esta vulnerabilidad. La falla espec\u00edfica se encuentra en la configuraci\u00f3n del sistema operativo. El problema se debe a la falta de una protecci\u00f3n configurada correctamente para el sistema de archivos ra\u00edz. Un atacante puede aprovechar esta vulnerabilidad para eludir la autenticaci\u00f3n en el sistema. Anteriormente, se denominaba ZDI-CAN-26077."
}
],
"id": "CVE-2025-5833",
"lastModified": "2025-07-08T14:52:15.600",
"metrics": {
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 0.9,
"impactScore": 3.6,
"source": "zdi-disclosures@trendmicro.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-06-25T18:15:24.203",
"references": [
{
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-25-350/"
}
],
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-345"
}
],
"source": "zdi-disclosures@trendmicro.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-06-25 18:15
Modified
2025-07-08 14:51
Severity ?
Summary
Pioneer DMH-WT7600NEX Missing Immutable Root of Trust in Hardware Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to bypass authentication on affected installations of Pioneer DMH-WT7600NEX devices. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.
The specific flaw exists within the configuration of the application system-on-chip (SoC). The issue results from the lack of a properly configured hardware root of trust. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the boot process. Was ZDI-CAN-26078.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| zdi-disclosures@trendmicro.com | https://www.zerodayinitiative.com/advisories/ZDI-25-351/ | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| pioneer | dmh-wt7600nex_firmware | 3.05 | |
| pioneer | dmh-wt7600nex | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:pioneer:dmh-wt7600nex_firmware:3.05:*:*:*:*:*:*:*",
"matchCriteriaId": "AE9170F1-CDF6-49D5-9501-A3DA09D419CB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:pioneer:dmh-wt7600nex:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E9082E28-D451-488C-A621-4A174B887EB3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Pioneer DMH-WT7600NEX Missing Immutable Root of Trust in Hardware Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to bypass authentication on affected installations of Pioneer DMH-WT7600NEX devices. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.\n\nThe specific flaw exists within the configuration of the application system-on-chip (SoC). The issue results from the lack of a properly configured hardware root of trust. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the boot process. Was ZDI-CAN-26078."
},
{
"lang": "es",
"value": "Vulnerabilidad de escalada de privilegios locales de hardware: falta de ra\u00edz de confianza inmutable en el dispositivo Pioneer DMH-WT7600NEX. Esta vulnerabilidad permite a atacantes locales eludir la autenticaci\u00f3n en las instalaciones afectadas de los dispositivos Pioneer DMH-WT7600NEX. Si bien se requiere autenticaci\u00f3n para explotar esta vulnerabilidad, el mecanismo de autenticaci\u00f3n existente puede eludirse. La falla espec\u00edfica se encuentra en la configuraci\u00f3n del sistema en chip (SoC) de la aplicaci\u00f3n. El problema se debe a la falta de una ra\u00edz de confianza de hardware correctamente configurada. Un atacante puede aprovechar esta vulnerabilidad para escalar privilegios y ejecutar c\u00f3digo arbitrario durante el arranque. Anteriormente, se denomin\u00f3 ZDI-CAN-26078."
}
],
"id": "CVE-2025-5834",
"lastModified": "2025-07-08T14:51:29.567",
"metrics": {
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6,
"source": "zdi-disclosures@trendmicro.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-06-25T18:15:24.337",
"references": [
{
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-25-351/"
}
],
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-1326"
}
],
"source": "zdi-disclosures@trendmicro.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-01-31 01:15
Modified
2025-07-01 14:15
Severity ?
Summary
This vulnerability allows network-adjacent attackers to create arbitrary files on affected installations of Pioneer DMH-WT7600NEX devices. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.
The specific flaw exists within the telematics functionality. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| pioneer | dmh-wt7600nex_firmware | * | |
| pioneer | dmh-wt7600nex | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:pioneer:dmh-wt7600nex_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "02D0AE30-A9A3-4FB3-80A2-6D2123004B31",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:pioneer:dmh-wt7600nex:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E9082E28-D451-488C-A621-4A174B887EB3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "This vulnerability allows network-adjacent attackers to create arbitrary files on affected installations of Pioneer DMH-WT7600NEX devices. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.\n\nThe specific flaw exists within the telematics functionality. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root."
},
{
"lang": "es",
"value": "Esta vulnerabilidad permite a los atacantes adyacentes a la red crear archivos arbitrarios en las instalaciones afectadas de los dispositivos Pioneer DMH-WT7600NEX. Aunque se requiere autenticaci\u00f3n para explotar esta vulnerabilidad, se puede eludir el mecanismo de autenticaci\u00f3n existente. La falla espec\u00edfica existe dentro de la funcionalidad telem\u00e1tica. El problema es el resultado de la falta de validaci\u00f3n adecuada de una ruta proporcionada por el usuario antes de usarla en operaciones con archivos. Un atacante puede aprovechar esto junto con otras vulnerabilidades para ejecutar c\u00f3digo arbitrario en el contexto de la ra\u00edz."
}
],
"id": "CVE-2024-23929",
"lastModified": "2025-07-01T14:15:32.070",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 5.2,
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
}
]
},
"published": "2025-01-31T01:15:09.697",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"url": "https://jpn.pioneer/ja/car/dl/dmh-sz700_sf700/"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1044/"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-01-31 00:15
Modified
2025-06-30 18:15
Severity ?
4.3 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
This vulnerability allows network-adjacent attackers to create a denial-of-service condition on affected installations of Pioneer DMH-WT7600NEX devices. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the Media service, which listens on TCP port 42000 by default. The issue results from improper handling of error conditions. An attacker can leverage this vulnerability to create a denial-of-service condition on the system.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| pioneer | dmh-wt7600nex_firmware | * | |
| pioneer | dmh-wt7600nex | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:pioneer:dmh-wt7600nex_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "02D0AE30-A9A3-4FB3-80A2-6D2123004B31",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:pioneer:dmh-wt7600nex:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E9082E28-D451-488C-A621-4A174B887EB3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "This vulnerability allows network-adjacent attackers to create a denial-of-service condition on affected installations of Pioneer DMH-WT7600NEX devices. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the Media service, which listens on TCP port 42000 by default. The issue results from improper handling of error conditions. An attacker can leverage this vulnerability to create a denial-of-service condition on the system."
},
{
"lang": "es",
"value": "Esta vulnerabilidad permite a los atacantes adyacentes a la red crear una condici\u00f3n de denegaci\u00f3n de servicio en las instalaciones afectadas de los dispositivos Pioneer DMH-WT7600NEX. No se requiere autenticaci\u00f3n para explotar esta vulnerabilidad. La falla espec\u00edfica existe dentro del servicio de medios, que escucha en el puerto TCP 42000 de manera predeterminada. El problema es el resultado de una gesti\u00f3n inadecuada de las condiciones de error. Un atacante puede aprovechar esta vulnerabilidad para crear una condici\u00f3n de denegaci\u00f3n de servicio en el sistema."
}
],
"id": "CVE-2024-23930",
"lastModified": "2025-06-30T18:15:23.490",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-01-31T00:15:09.147",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"url": "https://jpn.pioneer/ja/car/dl/dmh-sz700_sf700/"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1043/"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-404"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-404"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-01-31 00:15
Modified
2025-07-09 15:22
Severity ?
Summary
This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of Pioneer DMH-WT7600NEX devices. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the telematics functionality, which operates over HTTPS. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://jpn.pioneer/ja/car/dl/dmh-sz700_sf700/ | Product | |
| ics-cert@hq.dhs.gov | https://www.zerodayinitiative.com/advisories/ZDI-24-1045/ | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| pioneer | dmh-wt7600nex_firmware | * | |
| pioneer | dmh-wt7600nex | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:pioneer:dmh-wt7600nex_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "02D0AE30-A9A3-4FB3-80A2-6D2123004B31",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:pioneer:dmh-wt7600nex:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E9082E28-D451-488C-A621-4A174B887EB3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of Pioneer DMH-WT7600NEX devices. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the telematics functionality, which operates over HTTPS. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root."
},
{
"lang": "es",
"value": "Esta vulnerabilidad permite a los atacantes adyacentes a la red comprometer la integridad de la informaci\u00f3n descargada en las instalaciones afectadas de los dispositivos Pioneer DMH-WT7600NEX. No se requiere autenticaci\u00f3n para explotar esta vulnerabilidad. La falla espec\u00edfica existe dentro de la funcionalidad telem\u00e1tica, que opera a trav\u00e9s de HTTPS. El problema es el resultado de la falta de una validaci\u00f3n adecuada del certificado presentado por el servidor. Un atacante puede aprovechar esto junto con otras vulnerabilidades para ejecutar c\u00f3digo arbitrario en el contexto del root.\n"
}
],
"id": "CVE-2024-23928",
"lastModified": "2025-07-09T15:22:13.007",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
}
]
},
"published": "2025-01-31T00:15:09.030",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Product"
],
"url": "https://jpn.pioneer/ja/car/dl/dmh-sz700_sf700/"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1045/"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-295"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-06-25 18:15
Modified
2025-07-08 14:52
Severity ?
Summary
Pioneer DMH-WT7600NEX Software Update Signing Insufficient Verification of Data Authenticity Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Pioneer DMH-WT7600NEX devices. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the software update verification process. The issue results from the lack of validating all the data in the software update. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-26079.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| zdi-disclosures@trendmicro.com | https://www.zerodayinitiative.com/advisories/ZDI-25-352/ | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| pioneer | dmh-wt7600nex_firmware | 3.05 | |
| pioneer | dmh-wt7600nex | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:pioneer:dmh-wt7600nex_firmware:3.05:*:*:*:*:*:*:*",
"matchCriteriaId": "AE9170F1-CDF6-49D5-9501-A3DA09D419CB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:pioneer:dmh-wt7600nex:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E9082E28-D451-488C-A621-4A174B887EB3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Pioneer DMH-WT7600NEX Software Update Signing Insufficient Verification of Data Authenticity Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Pioneer DMH-WT7600NEX devices. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the software update verification process. The issue results from the lack of validating all the data in the software update. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-26079."
},
{
"lang": "es",
"value": "Vulnerabilidad de verificaci\u00f3n insuficiente de la autenticidad de los datos en la firma de actualizaciones de software del Pioneer DMH-WT7600NEX. Esta vulnerabilidad permite a atacantes con presencia f\u00edsica ejecutar c\u00f3digo arbitrario en las instalaciones afectadas de los dispositivos Pioneer DMH-WT7600NEX. No se requiere autenticaci\u00f3n para explotar esta vulnerabilidad. La falla espec\u00edfica se encuentra en el proceso de verificaci\u00f3n de actualizaciones de software. El problema se debe a la falta de validaci\u00f3n de todos los datos en la actualizaci\u00f3n de software. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del dispositivo. Era ZDI-CAN-26079."
}
],
"id": "CVE-2025-5832",
"lastModified": "2025-07-08T14:52:30.267",
"metrics": {
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9,
"source": "zdi-disclosures@trendmicro.com",
"type": "Secondary"
}
]
},
"published": "2025-06-25T18:15:24.077",
"references": [
{
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-25-352/"
}
],
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-345"
}
],
"source": "zdi-disclosures@trendmicro.com",
"type": "Primary"
}
]
}
CVE-2025-5833 (GCVE-0-2025-5833)
Vulnerability from cvelistv5
Published
2025-06-25 17:58
Modified
2025-06-25 18:23
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-345 - Insufficient Verification of Data Authenticity
Summary
Pioneer DMH-WT7600NEX Root Filesystem Insufficient Verification of Data Authenticity Vulnerability. This vulnerability allows physically present attackers to bypass authentication on affected installations of Pioneer DMH-WT7600NEX devices. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the configuration of the operating system. The issue results from the lack of properly configured protection for the root file system. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-26077.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Pioneer | DMH-WT7600NEX |
Version: 3.05 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-5833",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-25T18:23:25.395564Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-25T18:23:36.170Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "DMH-WT7600NEX",
"vendor": "Pioneer",
"versions": [
{
"status": "affected",
"version": "3.05"
}
]
}
],
"dateAssigned": "2025-06-06T19:40:42.547Z",
"datePublic": "2025-06-11T17:27:53.809Z",
"descriptions": [
{
"lang": "en",
"value": "Pioneer DMH-WT7600NEX Root Filesystem Insufficient Verification of Data Authenticity Vulnerability. This vulnerability allows physically present attackers to bypass authentication on affected installations of Pioneer DMH-WT7600NEX devices. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the configuration of the operating system. The issue results from the lack of properly configured protection for the root file system. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-26077."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-345",
"description": "CWE-345: Insufficient Verification of Data Authenticity",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-25T17:58:18.809Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-25-350",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-25-350/"
}
],
"source": {
"lang": "en",
"value": "Dmitry \"InfoSecDJ\" Janushkevich of Trend Micro Zero Day Initiative"
},
"title": "Pioneer DMH-WT7600NEX Root Filesystem Insufficient Verification of Data Authenticity Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2025-5833",
"datePublished": "2025-06-25T17:58:18.809Z",
"dateReserved": "2025-06-06T19:40:42.518Z",
"dateUpdated": "2025-06-25T18:23:36.170Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-5832 (GCVE-0-2025-5832)
Vulnerability from cvelistv5
Published
2025-06-25 17:57
Modified
2025-06-25 18:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-345 - Insufficient Verification of Data Authenticity
Summary
Pioneer DMH-WT7600NEX Software Update Signing Insufficient Verification of Data Authenticity Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Pioneer DMH-WT7600NEX devices. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the software update verification process. The issue results from the lack of validating all the data in the software update. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-26079.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Pioneer | DMH-WT7600NEX |
Version: 3.05 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-5832",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-25T18:26:11.005588Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-25T18:26:28.911Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "DMH-WT7600NEX",
"vendor": "Pioneer",
"versions": [
{
"status": "affected",
"version": "3.05"
}
]
}
],
"dateAssigned": "2025-06-06T19:40:35.394Z",
"datePublic": "2025-06-11T17:29:56.968Z",
"descriptions": [
{
"lang": "en",
"value": "Pioneer DMH-WT7600NEX Software Update Signing Insufficient Verification of Data Authenticity Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Pioneer DMH-WT7600NEX devices. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the software update verification process. The issue results from the lack of validating all the data in the software update. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-26079."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-345",
"description": "CWE-345: Insufficient Verification of Data Authenticity",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-25T17:57:44.111Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-25-352",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-25-352/"
}
],
"source": {
"lang": "en",
"value": "Dmitry \"InfoSecDJ\" Janushkevich of Trend Micro Zero Day Initiative"
},
"title": "Pioneer DMH-WT7600NEX Software Update Signing Insufficient Verification of Data Authenticity Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2025-5832",
"datePublished": "2025-06-25T17:57:44.111Z",
"dateReserved": "2025-06-06T19:40:35.349Z",
"dateUpdated": "2025-06-25T18:26:28.911Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-23928 (GCVE-0-2024-23928)
Vulnerability from cvelistv5
Published
2025-01-31 00:09
Modified
2025-07-01 13:38
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of Pioneer DMH-WT7600NEX devices. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the telematics functionality, which operates over HTTPS. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Pioneer | DMH-WT7600NEX |
Version: all versions ≤ |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-23928",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-01T13:37:50.661426Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-01T13:38:31.405Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "DMH-WT7600NEX",
"vendor": "Pioneer",
"versions": [
{
"status": "affected",
"version": "all versions",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "NCC Group EDG reported this to ZDI."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThis vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of Pioneer DMH-WT7600NEX devices. Authentication is not required to exploit this vulnerability.\u003c/p\u003e\u003cp\u003eThe specific flaw exists within the telematics functionality, which operates over HTTPS. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root.\u003c/p\u003e"
}
],
"value": "This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of Pioneer DMH-WT7600NEX devices. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the telematics functionality, which operates over HTTPS. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-30T17:21:51.410Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1045/"
},
{
"url": "https://jpn.pioneer/ja/car/dl/dmh-sz700_sf700/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Pioneer DMH-WT7600NEX Telematics Improper Certificate Validation",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Given the nature of the vulnerability, the only salient mitigation strategy is to restrict interaction with the application\n\n\u003cbr\u003e"
}
],
"value": "Given the nature of the vulnerability, the only salient mitigation strategy is to restrict interaction with the application"
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2024-23928",
"datePublished": "2025-01-31T00:09:46.661Z",
"dateReserved": "2024-01-23T21:45:25.299Z",
"dateUpdated": "2025-07-01T13:38:31.405Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-23930 (GCVE-0-2024-23930)
Vulnerability from cvelistv5
Published
2025-01-31 00:01
Modified
2025-06-30 17:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
This vulnerability allows network-adjacent attackers to create a denial-of-service condition on affected installations of Pioneer DMH-WT7600NEX devices. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the Media service, which listens on TCP port 42000 by default. The issue results from improper handling of error conditions. An attacker can leverage this vulnerability to create a denial-of-service condition on the system.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Pioneer | DMH-WT7600NEX |
Version: all versions ≤ |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-23930",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-31T15:19:07.179275Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-404",
"description": "CWE-404 Improper Resource Shutdown or Release",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-31T15:20:38.347Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "DMH-WT7600NEX",
"vendor": "Pioneer",
"versions": [
{
"status": "affected",
"version": "all versions",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "NCC Group EDG reported to ZDI"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThis vulnerability allows network-adjacent attackers to create a denial-of-service condition on affected installations of Pioneer DMH-WT7600NEX devices. Authentication is not required to exploit this vulnerability.\u003c/p\u003e\u003cp\u003eThe specific flaw exists within the Media service, which listens on TCP port 42000 by default. The issue results from improper handling of error conditions. An attacker can leverage this vulnerability to create a denial-of-service condition on the system.\u003c/p\u003e"
}
],
"value": "This vulnerability allows network-adjacent attackers to create a denial-of-service condition on affected installations of Pioneer DMH-WT7600NEX devices. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the Media service, which listens on TCP port 42000 by default. The issue results from improper handling of error conditions. An attacker can leverage this vulnerability to create a denial-of-service condition on the system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-404",
"description": "CWE-404",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-30T17:28:19.529Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1043/"
},
{
"url": "https://jpn.pioneer/ja/car/dl/dmh-sz700_sf700/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Pioneer DMH-WT7600NEX Media Service Improper Handling of Exceptional Conditions",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Given the nature of the vulnerability, the only salient mitigation strategy is to restrict interaction with the application\u003cbr\u003e"
}
],
"value": "Given the nature of the vulnerability, the only salient mitigation strategy is to restrict interaction with the application"
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2024-23930",
"datePublished": "2025-01-31T00:01:54.514Z",
"dateReserved": "2024-01-23T21:45:30.919Z",
"dateUpdated": "2025-06-30T17:28:19.529Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-23929 (GCVE-0-2024-23929)
Vulnerability from cvelistv5
Published
2025-01-31 00:13
Modified
2025-07-01 13:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
This vulnerability allows network-adjacent attackers to create arbitrary files on affected installations of Pioneer DMH-WT7600NEX devices. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.
The specific flaw exists within the telematics functionality. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Pioneer | DMH-WT7600NEX |
Version: all versions ≤ |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-23929",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-31T16:49:39.341386Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-01T13:37:17.684Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "DMH-WT7600NEX",
"vendor": "Pioneer",
"versions": [
{
"status": "affected",
"version": "all versions",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "NCC Group EDG reported this to ZDI"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThis vulnerability allows network-adjacent attackers to create arbitrary files on affected installations of Pioneer DMH-WT7600NEX devices. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.\u003c/p\u003e\u003cp\u003eThe specific flaw exists within the telematics functionality. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root.\u003c/p\u003e"
}
],
"value": "This vulnerability allows network-adjacent attackers to create arbitrary files on affected installations of Pioneer DMH-WT7600NEX devices. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.\n\nThe specific flaw exists within the telematics functionality. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-30T17:23:59.921Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1044/"
},
{
"url": "https://jpn.pioneer/ja/car/dl/dmh-sz700_sf700/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Pioneer DMH-WT7600NEX Telematics Directory Traversal",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Given the nature of the vulnerability, the only salient mitigation strategy is to restrict interaction with the application\n\n\u003cbr\u003e"
}
],
"value": "Given the nature of the vulnerability, the only salient mitigation strategy is to restrict interaction with the application"
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2024-23929",
"datePublished": "2025-01-31T00:13:03.982Z",
"dateReserved": "2024-01-23T21:45:25.299Z",
"dateUpdated": "2025-07-01T13:37:17.684Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-5834 (GCVE-0-2025-5834)
Vulnerability from cvelistv5
Published
2025-06-25 17:58
Modified
2025-06-25 18:25
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-1326 - Missing Immutable Root of Trust in Hardware
Summary
Pioneer DMH-WT7600NEX Missing Immutable Root of Trust in Hardware Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to bypass authentication on affected installations of Pioneer DMH-WT7600NEX devices. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.
The specific flaw exists within the configuration of the application system-on-chip (SoC). The issue results from the lack of a properly configured hardware root of trust. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the boot process. Was ZDI-CAN-26078.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Pioneer | DMH-WT7600NEX |
Version: 3.05 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-5834",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-25T18:24:52.453170Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-25T18:25:01.536Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "DMH-WT7600NEX",
"vendor": "Pioneer",
"versions": [
{
"status": "affected",
"version": "3.05"
}
]
}
],
"dateAssigned": "2025-06-06T19:40:50.233Z",
"datePublic": "2025-06-11T17:29:49.034Z",
"descriptions": [
{
"lang": "en",
"value": "Pioneer DMH-WT7600NEX Missing Immutable Root of Trust in Hardware Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to bypass authentication on affected installations of Pioneer DMH-WT7600NEX devices. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.\n\nThe specific flaw exists within the configuration of the application system-on-chip (SoC). The issue results from the lack of a properly configured hardware root of trust. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the boot process. Was ZDI-CAN-26078."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1326",
"description": "CWE-1326: Missing Immutable Root of Trust in Hardware",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-25T17:58:03.727Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-25-351",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-25-351/"
}
],
"source": {
"lang": "en",
"value": "Dmitry \"InfoSecDJ\" Janushkevich of Trend Micro Zero Day Initiative"
},
"title": "Pioneer DMH-WT7600NEX Missing Immutable Root of Trust in Hardware Local Privilege Escalation Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2025-5834",
"datePublished": "2025-06-25T17:58:03.727Z",
"dateReserved": "2025-06-06T19:40:50.204Z",
"dateUpdated": "2025-06-25T18:25:01.536Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}