Cyber Resilience

CVE-2024-23929

High

Published: 31 January 2025

Published
31 January 2025
Modified
01 July 2025
KEV Added
Patch
CVSS Score v3.1 7.3 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
EPSS Score 0.0003 10.5th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-23929 is a high-severity Incorrect Authorization (CWE-863) vulnerability in Pioneer Dmh-Wt7600Nex Firmware. Its CVSS base score is 7.3 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Ingress Tool Transfer (T1105); ranked at the 10.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2024-23929 is a vulnerability in the telematics functionality of Pioneer DMH-WT7600NEX devices that allows network-adjacent attackers to create arbitrary files. The flaw stems from insufficient validation of user-supplied paths used in file operations. Although exploitation requires authentication, the mechanism can be bypassed, earning a CVSS v3.1 base score of 7.3 (AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H) and mapping to CWE-863 (Incorrect Authorization).

Network-adjacent attackers with low privileges can exploit this issue to write arbitrary files on the device. When combined with other vulnerabilities, it enables arbitrary code execution in the context of root, potentially compromising the device's integrity and availability without impacting confidentiality.

Mitigation guidance is provided in the Zero Day Initiative advisory ZDI-24-1044 and Pioneer's support page at https://jpn.pioneer/ja/car/dl/dmh-sz700_sf700/. Security practitioners should consult these resources for patching or workaround details specific to affected installations.

EU & UK References

Vulnerability details

This vulnerability allows network-adjacent attackers to create arbitrary files on affected installations of Pioneer DMH-WT7600NEX devices. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the telematics functionality. The…

more

issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1105 Ingress Tool Transfer Command And Control
Adversaries may transfer tools or other files from an external system into a compromised environment.
T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Arbitrary file write (post-auth bypass) directly enables ingress of tools/payloads and facilitates local priv-esc to root when chained.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-28951Shared CWE-863
CVE-2026-42432Shared CWE-863
CVE-2024-40771Shared CWE-863
CVE-2026-34972Shared CWE-863
CVE-2025-0360Shared CWE-863
CVE-2026-4639Shared CWE-863
CVE-2026-42429Shared CWE-863
CVE-2026-41404Shared CWE-863
CVE-2020-36969Shared CWE-863
CVE-2026-24428Shared CWE-863

Affected Assets

pioneer
dmh-wt7600nex firmware
all versions

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly addresses the lack of proper validation of user-supplied paths prior to file operations, preventing path traversal leading to arbitrary file creation.

prevent

Enforces approved authorizations for access to system resources like files, mitigating the incorrect authorization (CWE-863) and authentication bypass enabling unauthorized writes.

prevent

Enforces least privilege for low-privilege accounts, limiting the scope and impact of arbitrary file creation by network-adjacent attackers.

References