History: Aug 05, 2024 - 12:00 a.m.

JVN#50850706: Pimax Play and PiTool accept WebSocket connections from unintended endpoints

2024-08-05 00:00:00
Japan Vulnerability Notes
jvn.jp
Keywords: websocket, unintended endpoints, cwe-923, arbitrary code execution, software update, pimax play, pitool, security advisory

CVSS3: 9.8

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • User Interaction: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 7.3

Confidence: Low

EPSS: 0.001

Percentile: 28.0%

Pimax Play and PiTool provided by Pimax accept WebSocket connections from unintended endpoints (CWE-923).

Impact

Arbitrary code may be executed by a remote unauthenticated attacker.

Solution

Update the Software
For Pimax Play, update the software to the latest version according to the information provided by the developer.

Stop using the products
According to the developer, PiTool is no longer supported. Stop using the product.

Products Affected

  • Pimax Play versions prior to V1.21.01
  • PiTool all versions
