The vulnerability of the WebSocket protocol implementation in applications for launching and managing Pimax Play games, as well as in software for configuring and calibrating VR environments like PiTool, allows a hacker to execute arbitrary code.

The vulnerability of the WebSocket protocol implementation in applications for launching and managing Pimax Play games, as well as in software for configuring and calibrating VR environments called PiTool. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code...

Pimax Play and PiTool accept WebSocket connections from unintended endpoints

Overview Pimax Play and PiTool provided by Pimax accept WebSocket connections from unintended endpoints CWE-923. Rei Yano reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact Arbitrary code may be executed by a...

PT-2024-5835 · Pimax · Pimax

Name of the Vulnerable Software and Affected Versions: Pimax products affected versions not specified Description: The issue concerns the implementation of the WebSocket protocol in Pimax applications for launching and managing Pimax Play games and PiTool software for configuring and calibrating ...

JVN#50850706: Pimax Play and PiTool accept WebSocket connections from unintended endpoints

Pimax Play and PiTool provided by Pimax accept WebSocket connections from unintended endpointsCWE-923. Impact Arbitrary code may be executed by a remote unauthenticated attacker. Solution Update the Software For Pimax Play, update the software to the latest version according to the information...