CVE-2024-23930 | THREATINT

Description

This vulnerability allows network-adjacent attackers to create a denial-of-service condition on affected installations of Pioneer DMH-WT7600NEX devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Media service, which listens on TCP port 42000 by default. The issue results from improper handling of error conditions. An attacker can leverage this vulnerability to create a denial-of-service condition on the system.

PUBLISHED Reserved 2024-01-23 | Published 2025-01-31 | Updated 2025-08-26 | Assigner icscert

MEDIUM: 4.3CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Problem types

CWE-404

Product status

Default status

unaffected

all versions (semver)

affected

Credits

NCC Group EDG reported to ZDI finder

References

www.zerodayinitiative.com/advisories/ZDI-24-1043/

jpn.pioneer/ja/car/dl/dmh-sz700_sf700/

cve.org (CVE-2024-23930)

nvd.nist.gov (CVE-2024-23930)

Download JSON