Multiple vulnerabilities in Pioneer DMH-WT7600NEX
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 3 |
| CVE-ID | CVE-2025-5833 CVE-2025-5832 CVE-2025-5834 |
| CWE-ID | CWE-345 CWE-1326 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
DMH-WT7600NEX Hardware solutions / Firmware |
| Vendor | Pioneer Electronics |
Security Bulletin
This security bulletin contains information about 3 vulnerabilities.
1) Insufficient verification of data authenticity
EUVDB-ID: #VU111133
Risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-5833
CWE-ID:
CWE-345 - Insufficient Verification of Data Authenticity
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to compromise the target system.
The vulnerability exists due to insufficient verification of data authenticity within the configuration of the operating system. An attacker with physical access can bypass authentication on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsDMH-WT7600NEX: before 3.06
CPE2.3 External linkshttps://www.zerodayinitiative.com/advisories/ZDI-25-350/
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Insufficient verification of data authenticity
EUVDB-ID: #VU111135
Risk: Low
CVSSv4.0: 4 [CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-5832
CWE-ID:
CWE-345 - Insufficient Verification of Data Authenticity
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to compromise the target system.
The vulnerability exists due to the lack of validating all the data in the software update. An attacker with physical access can bypass authentication and execute arbitrary code on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsDMH-WT7600NEX: before 3.06
CPE2.3 External linkshttps://www.zerodayinitiative.com/advisories/ZDI-25-352/
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Missing Immutable Root of Trust in Hardware
EUVDB-ID: #VU111134
Risk: Low
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-5834
CWE-ID:
CWE-1326 - Missing Immutable Root of Trust in Hardware
Exploit availability: No
DescriptionThe vulnerability allows a local user to compromise the target system.
The vulnerability exists due to lack of a properly configured hardware root of trust within the configuration of the application system-on-chip (SoC). A local administrator can execute arbitrary code on the system with elevated privileges.
MitigationInstall updates from vendor's website.
Vulnerable software versionsDMH-WT7600NEX: before 3.06
CPE2.3 External linkshttps://www.zerodayinitiative.com/advisories/ZDI-25-351/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
