How severe is CVE-2024-23922?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.8 out of 10.

What type of vulnerability is CVE-2024-23922?

This is classified as CWE-345, which is a common weakness in software security.

CVE-2024-23922 - MEDIUM Severity | CVSS 6.8

Vulnerability Description

Sony XAV-AX5500 Insufficient Firmware Update Validation Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Sony XAV-AX5500 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of software updates. The issue results from the lack of proper validation of software update packages. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-22939

Related Vulnerabilities

CVE-2019-16398

MEDIUM

CVSS:6.8(Medium)

On Keeper K5 20.1.0.25 and 20.1.0.63 devices, remote code execution can occur by inserting an SD card containing a file named zskj_script_run.sh that executes a reverse shell.

CWE-3452019

CVE-2020-24395

MEDIUM

CVSS:6.8(Medium)

The USB firmware update script of homee Brain Cube v2 (2.28.2 and 2.28.4) devices allows an attacker with physical access to install compromised firmware. This occurs because of insufficient validatio...

CWE-3452020

CVE-2020-3220

MEDIUM

CVSS:6.8(Medium)

A vulnerability in the hardware crypto driver of Cisco IOS XE Software for Cisco 4300 Series Integrated Services Routers and Cisco Catalyst 9800-L Wireless Controllers could allow an unauthenticated, ...

CWE-3452020

CVE-2021-33887

MEDIUM

CVSS:6.8(Medium)

Insufficient verification of data authenticity in Peloton TTR01 up to and including PTV55G allows an attacker with physical access to boot into a modified kernel/ramdisk without unlocking the bootload...

CWE-3452021

CVE-2021-44850

MEDIUM

CVSS:6.8(Medium)

On Xilinx Zynq-7000 SoC devices, physical modification of an SD boot image allows for a buffer overflow attack in the ROM. Because the Zynq-7000's boot image header is unencrypted and unauthenticated ...

CWE-3452021

CVE-2023-35719

MEDIUM

CVSS:6.8(Medium)

ManageEngine ADSelfService Plus GINA Client Insufficient Verification of Data Authenticity Authentication Bypass Vulnerability. This vulnerability allows physically present attackers to execute arbitr...

CWE-3452023