CVE-2024-41889

Multiple Pimax products accept WebSocket connections from unintended endpoints. If this vulnerability is exploited, arbitrary code may be executed by a remote unauthenticated attacker.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:pimax:pitool:-:*:*:*:*:*:*:*
cpe:2.3:a:pimax:play:*:*:*:*:*:*:*:*

History

30 Aug 2024, 17:53

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 8.8
v2 : unknown
v3 : 9.8
CPE cpe:2.3:a:pimax:pitool:-:*:*:*:*:*:*:*
cpe:2.3:a:pimax:play:*:*:*:*:*:*:*:*
CWE NVD-CWE-Other
References () https://github.com/OpenMAR/PiTool - () https://github.com/OpenMAR/PiTool - Product
References () https://jvn.jp/en/jp/JVN50850706/ - () https://jvn.jp/en/jp/JVN50850706/ - Third Party Advisory
References () https://pimax.com/pages/downloads-manuals - () https://pimax.com/pages/downloads-manuals - Product
First Time Pimax play
Pimax
Pimax pitool

07 Aug 2024, 19:35

Type Values Removed Values Added
CWE CWE-923
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 8.8

05 Aug 2024, 12:41

Type Values Removed Values Added
Summary
  • (es) Varios productos Pimax aceptan conexiones WebSocket desde endpoints no deseados. Si se aprovecha esta vulnerabilidad, un atacante remoto no autenticado puede ejecutar código arbitrario.

05 Aug 2024, 05:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-05 05:15

Updated : 2024-08-30 17:53


NVD link : CVE-2024-41889

Mitre link : CVE-2024-41889

CVE.ORG link : CVE-2024-41889


JSON object : View

Products Affected

pimax

  • play
  • pitool
CWE
NVD-CWE-Other CWE-923

Improper Restriction of Communication Channel to Intended Endpoints