CVE-2024-23922
MEDIUM
Sony XAV-AX5500 Firmware - Data Authenticity Bypass
Sony XAV-AX5500 Insufficient Firmware Update Validation Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Sony XAV-AX5500 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of software updates. The issue results from the lack of proper validation of software update packages. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-22939
Exploits (1)
exploitdb
WORKING POC
by lkushinada · python · remote · multiple
https://www.exploit-db.com/exploits/52143
Scores
CVSS v3
6.8
EPSS
0.0178
EPSS Percentile
82.8%
Attack Vector
PHYSICAL
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-345
Status
published
Products (1)
sony/xav-ax5500_firmware
1.13
Published
Sep 23, 2024
Tracked Since
Feb 18, 2026