Multiple vulnerabilities in Apple watchOS
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 18 |
| CVE-ID | CVE-2025-24086 CVE-2025-24162 CVE-2025-24158 CVE-2025-24149 CVE-2025-24166 CVE-2025-24117 CVE-2025-24159 CVE-2025-24107 CVE-2025-24085 CVE-2025-24126 CVE-2025-24124 CVE-2025-24123 CVE-2025-24163 CVE-2025-24161 CVE-2025-24160 CVE-2025-24137 CVE-2025-24131 CVE-2025-24129 |
| CWE-ID | CWE-119 CWE-20 CWE-125 CWE-200 CWE-264 CWE-416 CWE-787 CWE-843 |
| Exploitation vector | Network |
| Public exploit | Vulnerability #9 is being exploited in the wild. |
| Vulnerable software |
watchOS Operating systems & Components / Operating system |
| Vendor | Apple Inc. |
Security Bulletin
This security bulletin contains information about 18 vulnerabilities.
1) Buffer overflow
EUVDB-ID: #VU103343
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-24086
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in ImageIO. A remote attacker can trick the victim into opening a specially crafted file, trigger memory corruption and perform a denial of service (DoS) attack.
Install update from vendor's website.
Vulnerable software versionswatchOS: 9.0 20R361 - 11.2
CPE2.3- cpe:2.3:o:apple:watchos:9.6.3:*:*:*:*:*:*:*
- cpe:2.3:o:apple:watchos:10.6.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:watchos:11.2:*:*:*:*:*:*:*
https://support.apple.com/en-us/122071
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Input validation error
EUVDB-ID: #VU103354
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-24162
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in WebKit. A remote attacker can trick the victim into visiting a specially crafted website and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionswatchOS: 9.0 20R361 - 11.2
CPE2.3- cpe:2.3:o:apple:watchos:9.6.3:*:*:*:*:*:*:*
- cpe:2.3:o:apple:watchos:10.6.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:watchos:11.2:*:*:*:*:*:*:*
https://support.apple.com/en-us/122071
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Buffer overflow
EUVDB-ID: #VU103353
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-24158
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error when handling HTML content in WebKit. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and perform a denial of service (DoS) attack.
Install update from vendor's website.
Vulnerable software versionswatchOS: 9.0 20R361 - 11.2
CPE2.3- cpe:2.3:o:apple:watchos:9.6.3:*:*:*:*:*:*:*
- cpe:2.3:o:apple:watchos:10.6.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:watchos:11.2:*:*:*:*:*:*:*
https://support.apple.com/en-us/122071
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Out-of-bounds read
EUVDB-ID: #VU103356
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-24149
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in SceneKit. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionswatchOS: 9.0 20R361 - 11.2
CPE2.3- cpe:2.3:o:apple:watchos:9.6.3:*:*:*:*:*:*:*
- cpe:2.3:o:apple:watchos:10.6.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:watchos:11.2:*:*:*:*:*:*:*
https://support.apple.com/en-us/122071
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Input validation error
EUVDB-ID: #VU103347
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-24166
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in libxslt. A remote attacker can trick the victim into visiting a specially crafted website and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionswatchOS: 9.0 20R361 - 11.2
CPE2.3- cpe:2.3:o:apple:watchos:9.6.3:*:*:*:*:*:*:*
- cpe:2.3:o:apple:watchos:10.6.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:watchos:11.2:*:*:*:*:*:*:*
https://support.apple.com/en-us/122071
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Information disclosure
EUVDB-ID: #VU103346
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-24117
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output in LaunchServices. A local application can fingerprint the user.
Install update from vendor's website.
Vulnerable software versionswatchOS: 9.0 20R361 - 11.2
CPE2.3- cpe:2.3:o:apple:watchos:9.6.3:*:*:*:*:*:*:*
- cpe:2.3:o:apple:watchos:10.6.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:watchos:11.2:*:*:*:*:*:*:*
https://support.apple.com/en-us/122071
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU103345
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-24159
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to improper access restrictions within the OS kernel. A local application can execute arbitrary code with kernel privileges. MitigationInstall update from vendor's website.
Vulnerable software versionswatchOS: 9.0 20R361 - 11.2
CPE2.3- cpe:2.3:o:apple:watchos:9.6.3:*:*:*:*:*:*:*
- cpe:2.3:o:apple:watchos:10.6.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:watchos:11.2:*:*:*:*:*:*:*
https://support.apple.com/en-us/122071
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU103344
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-24107
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to improper access restrictions within the OS kernel. A local application can execute arbitrary code with root privileges.
Install update from vendor's website.
Vulnerable software versionswatchOS: 9.0 20R361 - 11.2
CPE2.3- cpe:2.3:o:apple:watchos:9.6.3:*:*:*:*:*:*:*
- cpe:2.3:o:apple:watchos:10.6.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:watchos:11.2:*:*:*:*:*:*:*
https://support.apple.com/en-us/122071
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Use-after-free
EUVDB-ID: #VU103330
Risk: High
CVSSv4.0: 8.5 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber]
CVE-ID: CVE-2025-24085
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in CoreMedia. A local application can execute arbitrary code with elevated privileges.
Note, the vulnerability is being actively exploited in the wild. MitigationInstall update from vendor's website.
Vulnerable software versionswatchOS: 9.0 20R361 - 11.2
CPE2.3- cpe:2.3:o:apple:watchos:9.6.3:*:*:*:*:*:*:*
- cpe:2.3:o:apple:watchos:10.6.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:watchos:11.2:*:*:*:*:*:*:*
https://support.apple.com/en-us/122071
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
10) Buffer overflow
EUVDB-ID: #VU103332
Risk: High
CVSSv4.0: 6.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2025-24126
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in AirPlay. A remote attacker on the local network can send specially crafted input to the device, trigger memory corruption and execute arbitrary code on the target system.
Install update from vendor's website.
Vulnerable software versionswatchOS: 9.0 20R361 - 11.2
CPE2.3- cpe:2.3:o:apple:watchos:9.6.3:*:*:*:*:*:*:*
- cpe:2.3:o:apple:watchos:10.6.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:watchos:11.2:*:*:*:*:*:*:*
https://support.apple.com/en-us/122071
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Out-of-bounds write
EUVDB-ID: #VU103342
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2025-24124
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input. A remote attacker can create a specially crafted MOV file, trick the victim into opening it using the affected software, trigger an out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall update from vendor's website.
Vulnerable software versionswatchOS: 9.0 20R361 - 11.2
CPE2.3- cpe:2.3:o:apple:watchos:9.6.3:*:*:*:*:*:*:*
- cpe:2.3:o:apple:watchos:10.6.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:watchos:11.2:*:*:*:*:*:*:*
https://support.apple.com/en-us/122071
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Out-of-bounds read
EUVDB-ID: #VU103341
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2025-24123
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted MOV file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionswatchOS: 9.0 20R361 - 11.2
CPE2.3- cpe:2.3:o:apple:watchos:9.6.3:*:*:*:*:*:*:*
- cpe:2.3:o:apple:watchos:10.6.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:watchos:11.2:*:*:*:*:*:*:*
https://support.apple.com/en-us/122071
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Input validation error
EUVDB-ID: #VU103340
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-24163
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in CoreAudio. A remote attacker can trick the victim into opening a specially crafted media file and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionswatchOS: 9.0 20R361 - 11.2
CPE2.3- cpe:2.3:o:apple:watchos:9.6.3:*:*:*:*:*:*:*
- cpe:2.3:o:apple:watchos:10.6.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:watchos:11.2:*:*:*:*:*:*:*
https://support.apple.com/en-us/122071
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Input validation error
EUVDB-ID: #VU103339
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-24161
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in CoreAudio. A remote attacker can trick the victim into opening a specially crafted media file and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionswatchOS: 9.0 20R361 - 11.2
CPE2.3- cpe:2.3:o:apple:watchos:9.6.3:*:*:*:*:*:*:*
- cpe:2.3:o:apple:watchos:10.6.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:watchos:11.2:*:*:*:*:*:*:*
https://support.apple.com/en-us/122071
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Input validation error
EUVDB-ID: #VU103338
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-24160
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in CoreAudio. A remote attacker can trick the victim into opening a specially crafted media file and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionswatchOS: 9.0 20R361 - 11.2
CPE2.3- cpe:2.3:o:apple:watchos:9.6.3:*:*:*:*:*:*:*
- cpe:2.3:o:apple:watchos:10.6.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:watchos:11.2:*:*:*:*:*:*:*
https://support.apple.com/en-us/122071
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Type Confusion
EUVDB-ID: #VU103336
Risk: High
CVSSv4.0: 6.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2025-24137
CWE-ID:
CWE-843 - Type confusion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a type confusion error in AirPlay. A remote attacker can send specially crafted packets to the device, trigger a type confusion error and execute arbitrary code on the target system.
Install update from vendor's website.
Vulnerable software versionswatchOS: 9.0 20R361 - 11.2
CPE2.3- cpe:2.3:o:apple:watchos:9.6.3:*:*:*:*:*:*:*
- cpe:2.3:o:apple:watchos:10.6.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:watchos:11.2:*:*:*:*:*:*:*
https://support.apple.com/en-us/122071
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Buffer overflow
EUVDB-ID: #VU103334
Risk: Medium
CVSSv4.0: 4.9 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2025-24131
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in AirPlay. A remote attacker on the local network can send specially crafted packets to the device, trigger memory corruption and perform a denial of service (DoS) attack.
Install update from vendor's website.
Vulnerable software versionswatchOS: 9.0 20R361 - 11.2
CPE2.3- cpe:2.3:o:apple:watchos:9.6.3:*:*:*:*:*:*:*
- cpe:2.3:o:apple:watchos:10.6.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:watchos:11.2:*:*:*:*:*:*:*
https://support.apple.com/en-us/122071
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Type Confusion
EUVDB-ID: #VU103333
Risk: Medium
CVSSv4.0: 4.9 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2025-24129
CWE-ID:
CWE-843 - Type confusion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a type confusion error in AirPlay. A remote attacker on the local network can send specially crafted packets to the device, trigger a type confusion error and perform a denial of service (DoS) attack.
Install update from vendor's website.
Vulnerable software versionswatchOS: 9.0 20R361 - 11.2
CPE2.3- cpe:2.3:o:apple:watchos:9.6.3:*:*:*:*:*:*:*
- cpe:2.3:o:apple:watchos:10.6.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:watchos:11.2:*:*:*:*:*:*:*
https://support.apple.com/en-us/122071
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
