Sign-up

ID

VAR-202508-0148


CVE

CVE-2025-8653


TITLE

JVCKENWOOD Corporation  of  DMX958XR  Stack-based buffer overflow vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2025-011018

DESCRIPTION

Kenwood DMX958XR JKRadioService Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Kenwood DMX958XR. Authentication is not required to exploit this vulnerability. The specific flaw exists within the JKRadioService. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-26312. JVCKENWOOD Corporation of DMX958XR A stack-based buffer overflow vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The Kenwood DMX958XR is an in-vehicle infotainment system from Kenwood

Trust: 2.79

sources: NVD: CVE-2025-8653 // JVNDB: JVNDB-2025-011018 // ZDI: ZDI-25-801 // CNVD: CNVD-2025-20284

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-20284

AFFECTED PRODUCTS

vendor:jvckenwoodmodel:dmx958xrscope:eqversion:1.0.0509.3100

Trust: 1.0

vendor:jvckenwoodmodel:dmx958xrscope:eqversion:dmx958xr firmware 1.0.0509.3100

Trust: 0.8

vendor:jvckenwoodmodel:dmx958xrscope: - version: -

Trust: 0.8

vendor:jvckenwoodmodel:dmx958xrscope:eqversion: -

Trust: 0.8

vendor:kenwoodmodel:dmx958xrscope: - version: -

Trust: 0.7

vendor:kenwoodmodel:dmx958xrscope:eqversion:1.0.0509.3100

Trust: 0.6

sources: ZDI: ZDI-25-801 // CNVD: CNVD-2025-20284 // JVNDB: JVNDB-2025-011018 // NVD: CVE-2025-8653

CVSS

SEVERITY

CVSSV2

CVSSV3

zdi-disclosures@trendmicro.com: CVE-2025-8653
value: HIGH

Trust: 1.0

OTHER: JVNDB-2025-011018
value: HIGH

Trust: 0.8

ZDI: CVE-2025-8653
value: HIGH

Trust: 0.7

CNVD: CNVD-2025-20284
value: HIGH

Trust: 0.6

CNVD: CNVD-2025-20284
severity: HIGH
baseScore: 8.3
vectorString: AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

zdi-disclosures@trendmicro.com: CVE-2025-8653
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.0

OTHER: JVNDB-2025-011018
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

ZDI: CVE-2025-8653
baseSeverity: HIGH
baseScore: 8.8
vectorString: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 0.7

sources: ZDI: ZDI-25-801 // CNVD: CNVD-2025-20284 // JVNDB: JVNDB-2025-011018 // NVD: CVE-2025-8653

PROBLEMTYPE DATA

problemtype:CWE-121

Trust: 1.0

problemtype:Stack-based buffer overflow (CWE-121) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2025-011018 // NVD: CVE-2025-8653

EXTERNAL IDS

db:NVDid:CVE-2025-8653

Trust: 3.9

db:ZDIid:ZDI-25-801

Trust: 2.5

db:JVNDBid:JVNDB-2025-011018

Trust: 0.8

db:ZDI_CANid:ZDI-CAN-26312

Trust: 0.7

db:CNVDid:CNVD-2025-20284

Trust: 0.6

sources: ZDI: ZDI-25-801 // CNVD: CNVD-2025-20284 // JVNDB: JVNDB-2025-011018 // NVD: CVE-2025-8653

REFERENCES

url:https://www.zerodayinitiative.com/advisories/zdi-25-801/

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2025-8653

Trust: 1.4

sources: CNVD: CNVD-2025-20284 // JVNDB: JVNDB-2025-011018 // NVD: CVE-2025-8653

CREDITS

hama7230

Trust: 0.7

sources: ZDI: ZDI-25-801

SOURCES

db:ZDIid:ZDI-25-801
db:CNVDid:CNVD-2025-20284
db:JVNDBid:JVNDB-2025-011018
db:NVDid:CVE-2025-8653

LAST UPDATE DATE

2025-09-08T23:10:23.488000+00:00


SOURCES UPDATE DATE

db:ZDIid:ZDI-25-801date:2025-08-05T00:00:00
db:CNVDid:CNVD-2025-20284date:2025-09-04T00:00:00
db:JVNDBid:JVNDB-2025-011018date:2025-08-08T07:05:00
db:NVDid:CVE-2025-8653date:2025-08-07T16:53:22.800

SOURCES RELEASE DATE

db:ZDIid:ZDI-25-801date:2025-08-05T00:00:00
db:CNVDid:CNVD-2025-20284date:2025-09-05T00:00:00
db:JVNDBid:JVNDB-2025-011018date:2025-08-08T00:00:00
db:NVDid:CVE-2025-8653date:2025-08-06T02:15:54.083