Refine your search
2 vulnerabilities found for USB DAC Amplifier APS-DA101JR by Pioneer Corporation
jvndb-2026-000004
Vulnerability from jvndb
Published
2026-01-08 13:47
Modified
2026-01-08 13:47
Severity ?
Summary
The installers for multiple PIONEER products may insecurely load Dynamic Link Libraries
Details
The installers for multiple products provided by PIONEER CORPORATION contain the following vulnerability.<ul><li>Uncontrolled search path element (CWE-427) - CVE-2026-21427</li></ul>Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL | |
|---|---|---|
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2026/JVNDB-2026-000004.html",
"dc:date": "2026-01-08T13:47+09:00",
"dcterms:issued": "2026-01-08T13:47+09:00",
"dcterms:modified": "2026-01-08T13:47+09:00",
"description": "The installers for multiple products provided by PIONEER CORPORATION contain the following vulnerability.\u003cul\u003e\u003cli\u003eUncontrolled search path element (CWE-427) - CVE-2026-21427\u003c/li\u003e\u003c/ul\u003eKazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2026/JVNDB-2026-000004.html",
"sec:cpe": [
{
"#text": "cpe:/o:pioneer:stellanova_aps-s301 series",
"@product": "Stellanova APS-S301 Series",
"@vendor": "Pioneer Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/o:pioneer:stellanova_limited_aps-s202j-lm",
"@product": "Stellanova Limited APS-S202J-LM",
"@vendor": "Pioneer Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/o:pioneer:stellanova_liteaps-s201jgl",
"@product": "Stellanova Lite APS-S201JGL",
"@vendor": "Pioneer Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/o:pioneer:stellanova_liteaps-s201jgr",
"@product": "Stellanova Lite APS-S201JGR",
"@vendor": "Pioneer Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/o:pioneer:stellanova_liteaps-s201jr",
"@product": "Stellanova Lite APS-S201JR",
"@vendor": "Pioneer Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/o:pioneer:stellanova_liteaps-s201js",
"@product": "Stellanova Lite APS-S201JS",
"@vendor": "Pioneer Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/o:pioneer:usb_dac_amp_aps-da101jgl",
"@product": "USB DAC Amplifier APS-DA101JGL",
"@vendor": "Pioneer Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/o:pioneer:usb_dac_amp_aps-da101jgr",
"@product": "USB DAC Amplifier APS-DA101JGR",
"@vendor": "Pioneer Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/o:pioneer:usb_dac_amp_aps-da101jr",
"@product": "USB DAC Amplifier APS-DA101JR",
"@vendor": "Pioneer Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/o:pioneer:usb_dac_amp_aps-da101js",
"@product": "USB DAC Amplifier APS-DA101JS",
"@vendor": "Pioneer Corporation",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "7.8",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2026-000004",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN17956874/index.html",
"@id": "JVN#17956874",
"@source": "JVN"
},
{
"#text": "https://jvn.jp/en/ta/JVNTA91240916/",
"@id": "JVNTA#91240916",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2026-21427",
"@id": "CVE-2026-21427",
"@source": "CVE"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "The installers for multiple PIONEER products may insecurely load Dynamic Link Libraries"
}
CVE-2026-21427 (GCVE-0-2026-21427)
Vulnerability from cvelistv5
Published
2026-01-08 04:12
Modified
2026-01-22 07:03
Severity ?
7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.5 (High) - CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
8.5 (High) - CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
VLAI Severity ?
EPSS score ?
CWE
- CWE-427 - Uncontrolled Search Path Element
Summary
The installers for multiple products provided by PIONEER CORPORATION contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with the privileges of the running installer.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| PIONEER CORPORATION | USB DAC Amplifier APS-DA101JS |
Version: all versions |
|||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-21427",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-08T15:52:49.936381Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-08T15:52:56.950Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "USB DAC Amplifier APS-DA101JS",
"vendor": "PIONEER CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "USB DAC Amplifier APS-DA101JR",
"vendor": "PIONEER CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "USB DAC Amplifier APS-DA101JGL",
"vendor": "PIONEER CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "USB DAC Amplifier APS-DA101JGR",
"vendor": "PIONEER CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "Stellanova Lite APS-S201JS",
"vendor": "PIONEER CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "Stellanova Lite APS-S201JR",
"vendor": "PIONEER CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "Stellanova Lite APS-S201JGL",
"vendor": "PIONEER CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "Stellanova Lite APS-S201JGR",
"vendor": "PIONEER CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "Stellanova Limited APS-S202J-LM",
"vendor": "PIONEER CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "Stellanova APS-S301 series",
"vendor": "PIONEER CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The installers for multiple products provided by PIONEER CORPORATION contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with the privileges of the running installer."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 8.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "Uncontrolled Search Path Element",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-22T07:03:11.927Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://jpn.pioneer/ja/support/software/stellanova/dac_driver/"
},
{
"url": "https://jvn.jp/en/jp/JVN17956874/"
}
],
"tags": [
"unsupported-when-assigned"
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2026-21427",
"datePublished": "2026-01-08T04:12:21.781Z",
"dateReserved": "2025-12-25T00:23:40.578Z",
"dateUpdated": "2026-01-22T07:03:11.927Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}