{"vulnerability": "cve-2024-2393", "sightings": [{"uuid": "8c344511-7bee-4e62-bc3f-adbb16f8f0a6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-23937", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/3536", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-23937\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Silicon Labs Gecko OS. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the debug interface. The issue results from the lack of proper validation of a user-supplied string before using it as a format specifier. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the device.\n\ud83d\udccf Published: 2025-01-31T00:30:44Z\n\ud83d\udccf Modified: 2025-01-31T00:30:44Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-23937\n2. https://community.silabs.com/a45Vm0000000Atp\n3. https://www.zerodayinitiative.com/advisories/ZDI-24-869", "creation_timestamp": "2025-01-31T01:12:19.000000Z"}, {"uuid": "5a99a23d-97c1-4679-8c10-712c2663c9df", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-23930", "type": "seen", "source": "https://t.me/cvedetector/16852", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-23930 - \"Pioneer DMH-WT7600NEX Media Service Denial-of-Service Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2024-23930 \nPublished : Jan. 31, 2025, 12:15 a.m. | 1\u00a0hour, 6\u00a0minutes ago \nDescription : This vulnerability allows network-adjacent attackers to create a denial-of-service condition on affected installations of Pioneer DMH-WT7600NEX devices. Authentication is not required to exploit this vulnerability.  \n  \nThe specific flaw exists within the Media service, which listens on TCP port 42000 by default. The issue results from improper handling of error conditions. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"31 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-31T02:49:08.000000Z"}, {"uuid": "5a973b04-feaf-4e05-b703-dbf472307975", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-23935", "type": "seen", "source": "https://t.me/cvedetector/6604", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-23935 - Alpine Halo9 Bluetooth DecodeUTF7 Stack-based Buffer Overflow Remote Code Execution\", \n  \"Content\": \"CVE ID : CVE-2024-23935 \nPublished : Sept. 28, 2024, 7:15 a.m. | 36\u00a0minutes ago \nDescription : Alpine Halo9 DecodeUTF7 Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Alpine Halo9 devices. An attacker must first obtain the ability to pair a malicious Bluetooth device with the target system in order to exploit this vulnerability.  \n  \nThe specific flaw exists within the DecodeUTF7 function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root.  \n  \nWas ZDI-CAN-23249 \nSeverity: 8.0 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"28 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-28T10:18:21.000000Z"}, {"uuid": "89c773e4-a04d-410f-a277-b870fb008ee4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-23938", "type": "seen", "source": "https://t.me/cvedetector/6595", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-23938 - Silicon Labs Gecko OS Debug Interface Stack-based Buffer Overflow Remote Code Execution Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-23938 \nPublished : Sept. 28, 2024, 6:15 a.m. | 19\u00a0minutes ago \nDescription : Silicon Labs Gecko OS Debug Interface Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Silicon Labs Gecko OS. Authentication is not required to exploit this vulnerability.  \n  \nThe specific flaw exists within the debug interface. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device.  \n  \nWas ZDI-CAN-23184 \nSeverity: 8.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"28 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-28T08:37:50.000000Z"}, {"uuid": "6588b4f7-a663-4b2e-89fa-92595fdb8c7b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-2393", "type": "seen", "source": "https://t.me/ctinow/205695", "content": "https://ift.tt/3pgy4Aq\nCVE-2024-2393", "creation_timestamp": "2024-03-12T14:32:05.000000Z"}, {"uuid": "ff9c8000-f7d8-49ec-8fb4-3568088ea284", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-23930", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113920073736767116", "content": "", "creation_timestamp": "2025-01-31T00:12:55.776357Z"}, {"uuid": "0e6aa389-6a82-4996-8f6b-6954c0375bb3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-23937", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113920073751259305", "content": "", "creation_timestamp": "2025-01-31T00:12:55.967879Z"}, {"uuid": "80336d89-241c-40c1-9603-dff14b1e2f3b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-23930", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgypv34ecz2c", "content": "", "creation_timestamp": "2025-01-31T00:17:00.444418Z"}, {"uuid": "e537ba63-b0c0-4c6b-b582-00961e250739", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-23937", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgypv5knv42t", "content": "", "creation_timestamp": "2025-01-31T00:17:03.029169Z"}, {"uuid": "2f109c51-deef-42d9-a183-1dbbf90ecbfb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-23930", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/3535", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-23930\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: This vulnerability allows network-adjacent attackers to create a denial-of-service condition on affected installations of Pioneer DMH-WT7600NEX devices. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the Media service, which listens on TCP port 42000 by default. The issue results from improper handling of error conditions. An attacker can leverage this vulnerability to create a denial-of-service condition on the system.\n\ud83d\udccf Published: 2025-01-31T00:30:44Z\n\ud83d\udccf Modified: 2025-01-31T00:30:44Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-23930\n2. https://www.zerodayinitiative.com/advisories/ZDI-24-1043", "creation_timestamp": "2025-01-31T01:12:15.000000Z"}, {"uuid": "e9146f7a-8a5f-44e8-97aa-5bd5e109fe07", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-23937", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/20035", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-23937\n\ud83d\udd25 CVSS Score: 4.3 (cvssV3_1, Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\ud83d\udd39 Description: This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Silicon Labs Gecko OS. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the debug interface. The issue results from the lack of proper validation of a user-supplied string before using it as a format specifier. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the device.\n\ud83d\udccf Published: 2025-01-31T00:07:40.930Z\n\ud83d\udccf Modified: 2025-07-01T13:40:42.425Z\n\ud83d\udd17 References:\n1. https://www.zerodayinitiative.com/advisories/ZDI-24-869/\n2. https://community.silabs.com/a45Vm0000000Atp", "creation_timestamp": "2025-07-01T14:11:23.000000Z"}, {"uuid": "8b9eee18-e413-4319-b584-93dc0c6a95ca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-23937", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/7509", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-23937\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Silicon Labs Gecko OS. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the debug interface. The issue results from the lack of proper validation of a user-supplied string before using it as a format specifier. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the device.\n\ud83d\udccf Published: 2025-01-31T00:07:40.930Z\n\ud83d\udccf Modified: 2025-03-13T20:24:00.226Z\n\ud83d\udd17 References:\n1. https://www.zerodayinitiative.com/advisories/ZDI-24-869/\n2. https://community.silabs.com/a45Vm0000000Atp", "creation_timestamp": "2025-03-13T20:43:20.000000Z"}, {"uuid": "9b639b0b-c5dd-49cb-a747-b4b0f88b788c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-2393", "type": "seen", "source": "https://t.me/ctinow/205700", "content": "https://ift.tt/3pgy4Aq\nCVE-2024-2393", "creation_timestamp": "2024-03-12T14:32:10.000000Z"}, {"uuid": "3754858d-3269-4fc8-a5fb-a4cbe5ad1028", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-23937", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lgz2y2shkt2k", "content": "", "creation_timestamp": "2025-01-31T03:35:37.821279Z"}, {"uuid": "eba8251b-ed0c-481f-a4aa-d8450bbae415", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-23930", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/19958", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-23930\n\ud83d\udd25 CVSS Score: 4.3 (cvssV3_1, Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\ud83d\udd39 Description: This vulnerability allows network-adjacent attackers to create a denial-of-service condition on affected installations of Pioneer DMH-WT7600NEX devices. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the Media service, which listens on TCP port 42000 by default. The issue results from improper handling of error conditions. An attacker can leverage this vulnerability to create a denial-of-service condition on the system.\n\ud83d\udccf Published: 2025-01-31T00:01:54.514Z\n\ud83d\udccf Modified: 2025-06-30T17:28:19.529Z\n\ud83d\udd17 References:\n1. https://www.zerodayinitiative.com/advisories/ZDI-24-1043/\n2. https://jpn.pioneer/ja/car/dl/dmh-sz700_sf700/", "creation_timestamp": "2025-06-30T18:08:14.000000Z"}, {"uuid": "b17a9c2c-9e8f-4e3b-94ac-f45b61a23b6e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-23937", "type": "seen", "source": "https://t.me/cvedetector/16853", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-23937 - Silicon Labs Gecko OS Format String Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-23937 \nPublished : Jan. 31, 2025, 12:15 a.m. | 1\u00a0hour, 6\u00a0minutes ago \nDescription : This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Silicon Labs Gecko OS. Authentication is not required to exploit this vulnerability.  \n  \nThe specific flaw exists within the debug interface. The issue results from the lack of proper validation of a user-supplied string before using it as a format specifier. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the device. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"31 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-31T02:49:12.000000Z"}, {"uuid": "bd8a4010-b203-4b65-a276-1bbec307e4c9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-23933", "type": "seen", "source": "https://t.me/cvedetector/6186", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-23933 - Sony XAV-AX5500 CarPlay Stack-based Buffer Overflow Remote Code Execution\", \n  \"Content\": \"CVE ID : CVE-2024-23933 \nPublished : Sept. 23, 2024, 3:15 p.m. | 34\u00a0minutes ago \nDescription : Sony XAV-AX5500 CarPlay TLV Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of  Sony XAV-AX5500 devices. Authentication is not required to exploit this vulnerability.  \n  \nThe specific flaw exists within the implementation of the Apple CarPlay protocol. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device.  \n  \nWas ZDI-CAN-23238 \nSeverity: 6.8 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"23 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-23T17:59:25.000000Z"}, {"uuid": "bf8a0074-69bd-4317-805e-cb60b5dc3b17", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-23934", "type": "seen", "source": "https://t.me/cvedetector/6185", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-23934 - Sony XAV-AX5500 WMV/ASF Parsing Stack-based Buffer Overflow Remote Code Execution\", \n  \"Content\": \"CVE ID : CVE-2024-23934 \nPublished : Sept. 23, 2024, 3:15 p.m. | 34\u00a0minutes ago \nDescription : Sony XAV-AX5500 WMV/ASF Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sony XAV-AX5500 devices. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.  \n  \nThe specific flaw exists within the parsing of WMV/ASF files. A crafted Extended Content Description Object in a WMV media file can trigger an overflow of a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device.  \n  \n. Was ZDI-CAN-22994. \nSeverity: 8.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"23 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-23T17:59:24.000000Z"}, {"uuid": "847e1164-2c8c-4666-bfea-c0faa0445497", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-23930", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113920092751832450", "content": "", "creation_timestamp": "2025-01-31T00:17:46.010912Z"}, {"uuid": "44bc8332-b3c9-4ccb-910c-da803f6eef2f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-23937", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113920092785772869", "content": "", "creation_timestamp": "2025-01-31T00:17:46.220312Z"}, {"uuid": "03719e3d-108b-4acf-88cd-8d71ce122bde", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-23930", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lgz2xzgzck2i", "content": "", "creation_timestamp": "2025-01-31T03:35:30.972733Z"}]}