CVE-2024-23930

Опубликовано: 31 янв. 2025

Источник: nvd

CVSS3: 4.3

CVSS3: 6.5

EPSS Низкий

Описание

The specific flaw exists within the Media service, which listens on TCP port 42000 by default. The issue results from improper handling of error conditions. An attacker can leverage this vulnerability to create a denial-of-service condition on the system.

Ссылки

https://jpn.pioneer/ja/car/dl/dmh-sz700_sf700/
https://www.zerodayinitiative.com/advisories/ZDI-24-1043/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:pioneer:dmh-wt7600nex_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:pioneer:dmh-wt7600nex:-:*:*:*:*:*:*:*

EPSS

Процентиль: 38%

0.00169

Низкий

4.3 Medium

CVSS3

6.5 Medium

CVSS3

Дефекты

CWE-404

Связанные уязвимости

GHSA-jh84-mrjc-wxm4

CVSS3: 6.5

github

около 1 года назад

This vulnerability allows network-adjacent attackers to create a denial-of-service condition on affected installations of Pioneer DMH-WT7600NEX devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Media service, which listens on TCP port 42000 by default. The issue results from improper handling of error conditions. An attacker can leverage this vulnerability to create a denial-of-service condition on the system.

EPSS

Процентиль: 38%

0.00169

Низкий

4.3 Medium

CVSS3

6.5 Medium

CVSS3

Дефекты

CWE-404