CVE-2024-23929
Published: 31 January 2025
Description
This vulnerability allows network-adjacent attackers to create arbitrary files on affected installations of Pioneer DMH-WT7600NEX devices. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the telematics functionality. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root.
Security Summary
CVE-2024-23929 is a vulnerability in the telematics functionality of Pioneer DMH-WT7600NEX devices that allows network-adjacent attackers to create arbitrary files. The flaw stems from insufficient validation of user-supplied paths used in file operations. Although exploitation requires authentication, the mechanism can be bypassed, earning a CVSS v3.1 base score of 7.3 (AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H) and mapping to CWE-863 (Incorrect Authorization).
Network-adjacent attackers with low privileges can exploit this issue to write arbitrary files on the device. When combined with other vulnerabilities, it enables arbitrary code execution in the context of root, potentially compromising the device's integrity and availability without impacting confidentiality.
Mitigation guidance is provided in the Zero Day Initiative advisory ZDI-24-1044 and Pioneer's support page at https://jpn.pioneer/ja/car/dl/dmh-sz700_sf700/. Security practitioners should consult these resources for patching or workaround details specific to affected installations.
Details
- CWE(s)