Pioneer DMH-WT7600NEX Telematics Directory Traversal Arbitrary File Creation Vulnerability
Vulnerability
A vulnerability exists in the Pioneer DMH-WT7600NEX device within the telematics functionality, allowing network-adjacent attackers to create arbitrary files. This issue arises from inadequate validation of user-supplied paths before they are used in file operations. Although authentication is required to exploit this vulnerability, the authentication mechanism can be bypassed. Attackers could potentially combine this vulnerability with others to execute arbitrary code with root privileges.
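The flaw class described above, validating a user-supplied path before a file is created, is illustrated by the following added example. It is not Pioneer's firmware code or taken from the advisory; the function names, the `uploads` directory and all request strings are hypothetical, constructed values.

```python
import os
import tempfile


class PathEscapeError(ValueError):
    """The requested path would resolve outside the allowed base directory."""


def create_under(base_dir, user_path, data):
    """Create a new file for user_path strictly inside base_dir; return its real path."""
    base = os.path.realpath(base_dir)
    if not user_path or "\x00" in user_path or os.path.isabs(user_path):
        raise PathEscapeError(f"rejected path: {user_path!r}")
    # Canonicalise first: realpath collapses '..' and follows existing symlinks,
    # so the comparison is made on the location the write would really hit.
    candidate = os.path.realpath(os.path.join(base, user_path))
    if candidate == base or os.path.commonpath([base, candidate]) != base:
        raise PathEscapeError(f"escapes base directory: {user_path!r}")
    os.makedirs(os.path.dirname(candidate), exist_ok=True)
    # O_EXCL never overwrites an existing file; O_NOFOLLOW refuses a symlink
    # planted as the final component between the check and the open.
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW
    fd = os.open(candidate, flags, 0o600)
    with os.fdopen(fd, "wb") as handle:
        handle.write(data)
    return candidate


def demo():
    """Run constructed requests against a throwaway directory tree."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        base = os.path.join(tmp, "uploads")      # hypothetical allowed directory
        outside = os.path.join(tmp, "outside")   # stands in for the rest of the filesystem
        os.makedirs(base)
        os.makedirs(outside)
        os.symlink(outside, os.path.join(base, "link"))
        requests = ["logs/trip.bin", "../outside/x", "/abs/x", "link/x", "a/../../outside/x"]
        for name in requests:
            try:
                create_under(base, name, b"constructed sample")
                results[name] = "created"
            except PathEscapeError:
                results[name] = "rejected"
        results["files_outside"] = os.listdir(outside)
    return results


if __name__ == "__main__":
    print(demo())
```

A service that runs as root gains further protection from writing through a dedicated low-privilege account, so that a missed check cannot place files in system locations.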
Impact
Exploitation of this vulnerability could lead to unauthorized file creation, with the potential for executing arbitrary code as the root user.
Remediation
Pioneer has released a patch for this vulnerability. Instructions for downloading the update can be found on the Pioneer Japan website.
