The Kenwood DMX958XR device is vulnerable to a command injection flaw that arises during the firmware update process. This vulnerability permits an attacker with physical access to execute arbitrary code by sending a user-supplied string without adequate validation. This exploitation allows malicious actors to run code with root privileges, compromising the device's integrity and security.
https://securityvulnerability.io/vulner ... -2025-8655