CVE-2024-41889

🗓️ 05 Aug 2024 04:36:27Reported by jpcertType

Pimax products accept WebSocket connections from unintended endpoints, leading to arbitrary code execution

Reporter	Title	Published	Views	Family All 11
BDU FSTEC	The vulnerability of the WebSocket protocol implementation in applications for launching and managing Pimax Play games, as well as in software for configuring and calibrating VR environments like PiTool, allows a hacker to execute arbitrary code.	2 Sep 202400:00	–	bdu_fstec
Circl	CVE-2024-41889	5 Aug 202408:03	–	circl
CNNVD	Pimax Play 安全漏洞	5 Aug 202400:00	–	cnnvd
CVE	CVE-2024-41889	5 Aug 202404:36	–	cve
Japan Vulnerability Notes	JVN#50850706: Pimax Play and PiTool accept WebSocket connections from unintended endpoints	5 Aug 202400:00	–	jvn
Japan Vulnerability Notes	Pimax Play and PiTool accept WebSocket connections from unintended endpoints	5 Aug 202404:58	–	jvn
NVD	CVE-2024-41889	5 Aug 202405:15	–	nvd
OSV	CVE-2024-41889	5 Aug 202405:15	–	osv
Positive Technologies	PT-2024-5835 · Pimax · Pimax	5 Aug 202400:00	–	ptsecurity
RedhatCVE	CVE-2024-41889	9 Jan 202609:34	–	redhatcve

[
  {
    "vendor": "Pimax",
    "product": "Pimax Play",
    "versions": [
      {
        "version": "prior to V1.21.01",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Pimax",
    "product": "PiTool",
    "versions": [
      {
        "version": "all versions",
        "status": "affected"
      }
    ]
  }
]

Source	Link
pimax	www.pimax.com/pages/downloads-manuals
jvn	www.jvn.jp/en/jp/JVN50850706/
github	www.github.com/OpenMAR/PiTool

05 Aug 2024 04:36Current

EPSS0.01334