CVE-2024-23928

Name of the Vulnerable Software and Affected Versions Pioneer DMH-WT7600NEX (affected versions not specified)

Description This issue allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of Pioneer DMH-WT7600NEX devices. No authentication is required to exploit this issue. The specific flaw exists within the telematics functionality, which operates over HTTPS. The problem results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this, in conjunction with other vulnerabilities, to execute arbitrary code in the context of root.

Recommendations At the moment, there is no information about a newer version that contains a fix for this issue.