CVE-2024-41889

Summary

Multiple Pimax products accept WebSocket connections from unintended endpoints. If this vulnerability is exploited, arbitrary code may be executed by a remote unauthenticated attacker.

Affected Software

VendorProductVersion RangeStatus
PimaxPimax Playprior to V1.21.01affected
PimaxPiToolall versionsaffected

Weaknesses

  • Improper restriction of communication channel to intended endpoints

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References