CVE-2024-41889

🗓️ 05 Aug 2024 04:36:27Reported by jpcertType

Pimax products accept WebSocket connections from unintended endpoints, allowing remote unauthenticated attackers to execute arbitrary cod

Reporter	Title	Published	Views	Family All 11
BDU FSTEC	The vulnerability of the WebSocket protocol implementation in applications for launching and managing Pimax Play games, as well as in software for configuring and calibrating VR environments like PiTool, allows a hacker to execute arbitrary code.	2 Sep 202400:00	–	bdu_fstec
Circl	CVE-2024-41889	5 Aug 202408:03	–	circl
CNNVD	Pimax Play 安全漏洞	5 Aug 202400:00	–	cnnvd
Cvelist	CVE-2024-41889	5 Aug 202404:36	–	cvelist
Japan Vulnerability Notes	JVN#50850706: Pimax Play and PiTool accept WebSocket connections from unintended endpoints	5 Aug 202400:00	–	jvn
Japan Vulnerability Notes	Pimax Play and PiTool accept WebSocket connections from unintended endpoints	5 Aug 202404:58	–	jvn
NVD	CVE-2024-41889	5 Aug 202405:15	–	nvd
OSV	CVE-2024-41889	5 Aug 202405:15	–	osv
Positive Technologies	PT-2024-5835 · Pimax · Pimax	5 Aug 202400:00	–	ptsecurity
RedhatCVE	CVE-2024-41889	9 Jan 202609:34	–	redhatcve

NVD

Vulners

Node

pimax pitoolMatch-

pimax playRange<1.21.01

[
  {
    "vendor": "Pimax",
    "product": "Pimax Play",
    "versions": [
      {
        "version": "prior to V1.21.01",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Pimax",
    "product": "PiTool",
    "versions": [
      {
        "version": "all versions",
        "status": "affected"
      }
    ]
  }
]

Source	Link
github	www.github.com/OpenMAR/PiTool
pimax	www.pimax.com/pages/downloads-manuals
jvn	www.jvn.jp/en/jp/JVN50850706/

30 Aug 2024 17:53Current

7.7High risk

Vulners AI Score7.7

CVSS 3.18.8 - 9.8

EPSS0.01334

SSVC

CWE-923