The vulnerability of the WebSocket protocol implementation in applications for launching and managing Pimax Play games, as well as in software for configuring and calibrating VR environments like PiTool, allows a hacker to execute arbitrary code.

The vulnerability of the WebSocket protocol implementation in applications for launching and managing Pimax Play games, as well as in software for configuring and calibrating VR environments called PiTool. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code...

Pimax Play and PiTool accept WebSocket connections from unintended endpoints

Overview Pimax Play and PiTool provided by Pimax accept WebSocket connections from unintended endpoints CWE-923. Rei Yano reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact Arbitrary code may be executed by a...

Pimax Play 安全漏洞

Pimax Play is a virtual reality driver from the Chinese company Xiaopai Pimax. A security vulnerability exists in Pimax Play versions prior to V1.21.01, which stems from accepting a WebSocket connection from an unintended endpoint, where an unauthenticated, remote attacker may be able to execute...

JVN#50850706: Pimax Play and PiTool accept WebSocket connections from unintended endpoints

Pimax Play and PiTool provided by Pimax accept WebSocket connections from unintended endpointsCWE-923. Impact Arbitrary code may be executed by a remote unauthenticated attacker. Solution Update the Software For Pimax Play, update the software to the latest version according to the information...

PT-2024-5835 · Pimax · Pimax

Name of the Vulnerable Software and Affected Versions: Pimax products affected versions not specified Description: The issue concerns the implementation of the WebSocket protocol in Pimax applications for launching and managing Pimax Play games and PiTool software for configuring and calibrating ...