Multiple Pimax products accept WebSocket connections from unintended endpoints. If this vulnerability is exploited, arbitrary code may be executed by a remote unauthenticated attacker.
[
{
"vendor": "Pimax",
"product": "Pimax Play",
"versions": [
{
"version": "prior to V1.21.01",
"status": "affected"
}
]
},
{
"vendor": "Pimax",
"product": "PiTool",
"versions": [
{
"version": "all versions",
"status": "affected"
}
]
}
]