216.73.216.133

CVE-2024-23922

· Published 23/09/2024 15:15 · Modified 30/09/2024 15:37

Labels: CVE-2024-23922 2024-09-23CVE-2024-23922CWE-345[email protected]

Essential information

Published
23/09/2024 15:15
Modified
30/09/2024 15:37
Author
Creator
CVSS
6.8 MEDIUM (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS metrics

Description

Sony XAV-AX5500 Insufficient Firmware Update Validation Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Sony XAV-AX5500 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of software updates. The issue results from the lack of proper validation of software update packages. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-22939

NVD status

Status
Analyzed — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
sony / xav-ax5500 firmware cpe:2.3:o:sony:xav-ax5500_firmware:1.13:*:*:*:*:*:*:*
sony / xav-ax5500 cpe:2.3:h:sony:xav-ax5500:-:*:*:*:*:*:*:*

References