216.73.217.172

CVE-2025-5832

· Published 25/06/2025 18:15 · Modified 26/06/2025 18:57

Labels: CVE-2025-5832 2025-06-25CVE-2025-5832CWE-345[email protected]

Essential information

Published
25/06/2025 18:15
Modified
26/06/2025 18:57
Author
Creator
CVSS
6.8 MEDIUM (v3.0)
CISA KEV
No
CWE
CVSS vector
CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS metrics

Description

Pioneer DMH-WT7600NEX Software Update Signing Insufficient Verification of Data Authenticity Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Pioneer DMH-WT7600NEX devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the software update verification process. The issue results from the lack of validating all the data in the software update. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-26079.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
pioneer / dmh-wt7600nex cpe:2.3:a:pioneer:dmh-wt7600nex:*:*:*:*:*:*:*:*

References