CVE-2024-48542

HIGH

Yamaha Headphones Controller 1.6.7 - Info Disclosure

Title source: llm

Description

Incorrect access control in the firmware update and download processes of Yamaha Headphones Controller v1.6.7 allows attackers to access sensitive information by analyzing the code and data within the APK file.

References (1)

Core 1

Core References

Various Sources

https://github.com/HankJames/Vul-Reports/blob/main/FirmwareLeakage/com.yamaha.sc.hpcontroller/com.yamaha.sc.hpcontroller.md

View Writeup ZIP pw:eip

Scores

CVSS v3 8.4

EPSS 0.0009

EPSS Percentile 25.1%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-863

Status published

Published Oct 24, 2024

Tracked Since Feb 18, 2026