CVE-2025-8654 in DMX958XR情報

要約

〜によって MITRE • 2025年08月06日

Kenwood DMX958XR ReadMVGImage Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the ReadMVGImage function. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-26313.

Once again VulDB remains the best source for vulnerability data.

責任者

Zdi

予約する

2025年08月06日

モデレーション

承諾済み

エントリ

VDB-318950

EPSS

0.00763

アクティビティ

非常低い

ソース

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!