{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-5834", "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "state": "PUBLISHED", "assignerShortName": "zdi", "dateReserved": "2025-06-06T19:40:50.204Z", "datePublished": "2025-06-25T17:58:03.727Z", "dateUpdated": "2025-06-25T18:25:01.536Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "shortName": "zdi", "dateUpdated": "2025-06-25T17:58:03.727Z"}, "title": "Pioneer DMH-WT7600NEX Missing Immutable Root of Trust in Hardware Local Privilege Escalation Vulnerability", "descriptions": [{"lang": "en", "value": "Pioneer DMH-WT7600NEX Missing Immutable Root of Trust in Hardware Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to bypass authentication on affected installations of Pioneer DMH-WT7600NEX devices. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.\n\nThe specific flaw exists within the configuration of the application system-on-chip (SoC). The issue results from the lack of a properly configured hardware root of trust. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the boot process. Was ZDI-CAN-26078."}], "affected": [{"vendor": "Pioneer", "product": "DMH-WT7600NEX", "versions": [{"version": "3.05", "status": "affected"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-1326", "description": "CWE-1326: Missing Immutable Root of Trust in Hardware", "type": "CWE"}]}], "references": [{"url": "https://www.zerodayinitiative.com/advisories/ZDI-25-351/", "name": "ZDI-25-351", "tags": ["x_research-advisory"]}], "dateAssigned": "2025-06-06T19:40:50.233Z", "datePublic": "2025-06-11T17:29:49.034Z", "source": {"lang": "en", "value": "Dmitry \"InfoSecDJ\" Janushkevich of Trend Micro Zero Day Initiative"}, "metrics": [{"format": "CVSS", "cvssV3_0": {"version": "3.0", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N", "baseScore": 4.4, "baseSeverity": "MEDIUM"}}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-06-25T18:24:52.453170Z", "id": "CVE-2025-5834", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-25T18:25:01.536Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-5834", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-06-25T18:24:52.453170Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-25T18:24:55.726Z"}}], "cna": {"title": "Pioneer DMH-WT7600NEX Missing Immutable Root of Trust in Hardware Local Privilege Escalation Vulnerability", "source": {"lang": "en", "value": "Dmitry \"InfoSecDJ\" Janushkevich of Trend Micro Zero Day Initiative"}, "metrics": [{"format": "CVSS", "cvssV3_0": {"version": "3.0", "baseScore": 4.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N"}}], "affected": [{"vendor": "Pioneer", "product": "DMH-WT7600NEX", "versions": [{"status": "affected", "version": "3.05"}], "defaultStatus": "unknown"}], "datePublic": "2025-06-11T17:29:49.034Z", "references": [{"url": "https://www.zerodayinitiative.com/advisories/ZDI-25-351/", "name": "ZDI-25-351", "tags": ["x_research-advisory"]}], "dateAssigned": "2025-06-06T19:40:50.233Z", "descriptions": [{"lang": "en", "value": "Pioneer DMH-WT7600NEX Missing Immutable Root of Trust in Hardware Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to bypass authentication on affected installations of Pioneer DMH-WT7600NEX devices. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.\n\nThe specific flaw exists within the configuration of the application system-on-chip (SoC). The issue results from the lack of a properly configured hardware root of trust. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the boot process. Was ZDI-CAN-26078."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-1326", "description": "CWE-1326: Missing Immutable Root of Trust in Hardware"}]}], "providerMetadata": {"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "shortName": "zdi", "dateUpdated": "2025-06-25T17:58:03.727Z"}}}, "cveMetadata": {"cveId": "CVE-2025-5834", "state": "PUBLISHED", "dateUpdated": "2025-06-25T18:25:01.536Z", "dateReserved": "2025-06-06T19:40:50.204Z", "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "datePublished": "2025-06-25T17:58:03.727Z", "assignerShortName": "zdi"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:pioneer:dmh-wt7600nex_firmware:3.05:*:*:*:*:*:*:*", "matchCriteriaId": "AE9170F1-CDF6-49D5-9501-A3DA09D419CB", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:pioneer:dmh-wt7600nex:-:*:*:*:*:*:*:*", "matchCriteriaId": "E9082E28-D451-488C-A621-4A174B887EB3", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Pioneer DMH-WT7600NEX Missing Immutable Root of Trust in Hardware Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to bypass authentication on affected installations of Pioneer DMH-WT7600NEX devices. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.\n\nThe specific flaw exists within the configuration of the application system-on-chip (SoC). The issue results from the lack of a properly configured hardware root of trust. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the boot process. Was ZDI-CAN-26078."}, {"lang": "es", "value": "Vulnerabilidad de escalada de privilegios locales de hardware: falta de ra\u00edz de confianza inmutable en el dispositivo Pioneer DMH-WT7600NEX. Esta vulnerabilidad permite a atacantes locales eludir la autenticaci\u00f3n en las instalaciones afectadas de los dispositivos Pioneer DMH-WT7600NEX. Si bien se requiere autenticaci\u00f3n para explotar esta vulnerabilidad, el mecanismo de autenticaci\u00f3n existente puede eludirse. La falla espec\u00edfica se encuentra en la configuraci\u00f3n del sistema en chip (SoC) de la aplicaci\u00f3n. El problema se debe a la falta de una ra\u00edz de confianza de hardware correctamente configurada. Un atacante puede aprovechar esta vulnerabilidad para escalar privilegios y ejecutar c\u00f3digo arbitrario durante el arranque. Anteriormente, se denomin\u00f3 ZDI-CAN-26078."}], "id": "CVE-2025-5834", "lastModified": "2025-07-08T14:51:29.567", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N", "version": "3.0"}, "exploitabilityScore": 0.8, "impactScore": 3.6, "source": "[email protected]", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "[email protected]", "type": "Primary"}]}, "published": "2025-06-25T18:15:24.337", "references": [{"source": "[email protected]", "tags": ["Third Party Advisory"], "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-351/"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1326"}], "source": "[email protected]", "type": "Primary"}]}

{}