CVE-2024-23929
Published: 31 January 2025
Summary
CVE-2024-23929 is a high-severity Incorrect Authorization (CWE-863) vulnerability in Pioneer DMH-WT7600NEX firmware. Its CVSS base score is 7.3 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Ingress Tool Transfer (T1105). The CVE ranks at the 10.5th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).
Deeper analysis
CVE-2024-23929 is a vulnerability in the telematics functionality of Pioneer DMH-WT7600NEX devices that allows network-adjacent attackers to create arbitrary files. The flaw stems from insufficient validation of user-supplied paths used in file operations. Although exploitation requires authentication, the existing authentication mechanism can be bypassed. The issue has a CVSS v3.1 base score of 7.3 (AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H) and maps to CWE-863 (Incorrect Authorization).
Network-adjacent attackers with low privileges can exploit this issue to write arbitrary files on the device. When combined with other vulnerabilities, it enables arbitrary code execution in the context of root, potentially compromising the device's integrity and availability without impacting confidentiality.
Mitigation guidance is provided in the Zero Day Initiative advisory ZDI-24-1044 and Pioneer's support page at https://jpn.pioneer/ja/car/dl/dmh-sz700_sf700/. Security practitioners should consult these resources for patching or workaround details specific to affected installations.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-21359
Vulnerability details
This vulnerability allows network-adjacent attackers to create arbitrary files on affected installations of Pioneer DMH-WT7600NEX devices. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the telematics functionality. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root.
Related Threats
MITRE ATT&CK Enterprise Techniques AI
Why these techniques?
Arbitrary file write (post-auth bypass) directly enables ingress of tools/payloads and facilitates local priv-esc to root when chained.
Mitigating Controls (NIST 800-53 r5) AI
Directly addresses the lack of proper validation of user-supplied paths prior to file operations, preventing path traversal leading to arbitrary file creation.
Enforces approved authorizations for access to system resources like files, mitigating the incorrect authorization (CWE-863) and authentication bypass enabling unauthorized writes.
Enforces least privilege for low-privilege accounts, limiting the scope and impact of arbitrary file creation by network-adjacent attackers.