Site icon API Security Blog

JVN#50850706: Pimax Play and PiTool accept WebSocket connections from unintended endpoints

Pimax Play and PiTool provided by Pimax accept WebSocket connections from unintended endpoints(CWE-923). ## Impact Arbitrary code may be executed by a remote unauthenticated attacker. ## Solution Update the Software For Pimax Play, update the software to the latest version according to the information provided by the developer. Stop using the products According to the developer, PiTool is no longer supported. Stop using the product. ## Products Affected Pimax Play versions prior to V1.21.01 PiTool all…Read More

Exit mobile version