How severe is CVE-2024-23929?

This vulnerability has a severity rating of HIGH with a CVSS score of 8 out of 10.

What type of vulnerability is CVE-2024-23929?

This is classified as CWE-863, which is a common weakness in software security.

CVE-2024-23929 - HIGH Severity | CVSS 8

Vulnerability Description

This vulnerability allows network-adjacent attackers to create arbitrary files on affected installations of Pioneer DMH-WT7600NEX devices. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the telematics functionality. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root.

Related Vulnerabilities

CVE-2018-2494

HIGH

CVSS:8.0(High)

Necessary authorization checks for an authenticated user, resulting in escalation of privileges, have been fixed in SAP Basis AS ABAP of SAP NetWeaver 700 to 750, from 750 onwards delivered as ABAP Pl...

CWE-8632018

CVE-2020-36610

HIGH

CVSS:8.0(High)

A vulnerability was found in annyshow DuxCMS 2.1. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be ...

CWE-8632020

CVE-2021-24905

HIGH

CVSS:8.0(High)

The Advanced Contact form 7 DB WordPress plugin before 1.8.7 does not have authorisation nor CSRF checks in the acf7_db_edit_scr_file_delete AJAX action, and does not validate the file to be deleted, ...

CWE-8632021

CVE-2022-24128

HIGH

CVSS:8.0(High)

Timescale TimescaleDB 1.x and 2.x before 2.5.2 may allow privilege escalation during extension installation. The installation process uses commands such as CREATE x IF NOT EXIST that allow an unprivil...

CWE-8632022

CVE-2023-31403

HIGH

CVSS:8.0(High)

SAP Business One installation - version 10.0, does not perform proper authentication and authorization checks for SMB shared folder. As a result, any malicious user can read and write to the SMB share...

CWE-8632023

CVE-2023-40315

HIGH

CVSS:8.0(High)

In OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2 and related Meridian versions, any user that has the ROLE_FILESYSTEM_EDITOR can easily escalate their privileges to ROLE_ADMIN or any other r...

CWE-8632023