CVE-2024-41889

Name of the Vulnerable Software and Affected Versions Pimax products (affected versions not specified)

Description The issue concerns the implementation of the WebSocket protocol in Pimax applications for launching and managing Pimax Play games and PiTool software for configuring and calibrating VR equipment. Exploitation of this issue may allow a remote attacker to execute arbitrary code. Multiple Pimax products are affected, accepting WebSocket connections from unintended endpoints, which could lead to arbitrary code execution by a remote unauthenticated attacker.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.