SB2025061328 - Multiple vulnerabilities in Pioneer DMH-WT7600NEX

Description

This security bulletin contains information about 3 secuirty vulnerabilities.

1) Insufficient verification of data authenticity (CVE-ID: CVE-2025-5833)

The vulnerability allows a local attacker to compromise the target system.

The vulnerability exists due to insufficient verification of data authenticity within the configuration of the operating system. An attacker with physical access can bypass authentication on the system.

2) Insufficient verification of data authenticity (CVE-ID: CVE-2025-5832)

The vulnerability allows a local attacker to compromise the target system.

The vulnerability exists due to the lack of validating all the data in the software update. An attacker with physical access can bypass authentication and execute arbitrary code on the system.

3) Missing Immutable Root of Trust in Hardware (CVE-ID: CVE-2025-5834)

The vulnerability allows a local user to compromise the target system.

The vulnerability exists due to lack of a properly configured hardware root of trust within the configuration of the application system-on-chip (SoC). A local administrator can execute arbitrary code on the system with elevated privileges.

Remediation

Install update from vendor's website.

References

• https://www.zerodayinitiative.com/advisories/ZDI-25-350/
• https://www.zerodayinitiative.com/advisories/ZDI-25-352/
• https://www.zerodayinitiative.com/advisories/ZDI-25-351/