CNNVD-202508-470 Information

CNNVD ID

CNNVD-202508-470

Related CVE

CVE-2025-8654

• CNNVD Published: 2025-08-06

Description (Chinese)

Kenwood DMX958XR是Kenwood公司的一款车载信息娱乐系统。 Kenwood DMX958XR存在操作系统命令注入漏洞，该漏洞源于ReadMVGImage函数未正确验证用户提供的字符串，可能导致远程代码执行。

Description (English)

Kenwood DMX958XR is a vehicle-borne information entertainment system for Kenwood. Kenwood DMX958XR has a bug in the operating system command, which stems from the fact that the ReadMVGImage function does not correctly verify the string provided by the user, which may lead to remote code execution.

Hazard Level

Medium

Vulnerability Type

操作系统命令注入

Affected Vendor

Kenwood

Published

2025-08-06

Last Modified

2026-02-24

References

https://www.zerodayinitiative.com/advisories/ZDI-25-802/