CVE-2024-23929

Name of the Vulnerable Software and Affected Versions Pioneer DMH-WT7600NEX (affected versions not specified)

Description This issue allows network-adjacent attackers to create arbitrary files on affected installations. Although authentication is required to exploit this, the existing authentication mechanism can be bypassed. The specific flaw exists within the telematics functionality and results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.