This vulnerability affects the GPS signal validation mechanism in the JXL 9 Inch Car Android Double Din Player on Android v12.0. Attackers can exploit this flaw to inject falsified GPS signals that the system accepts as legitimate, resulting in incorrect or static location reporting. The issue is classified under CWE-941 (Improper Control of Generation of Code), reflecting a failure to properly validate external input. The CVSS 3.1 base score is 9.1 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H), indicating network attack vector, low attack complexity, no privileges or user interaction required, unchanged scope, no confidentiality impact, but high integrity and availability impact. There is no vendor advisory or patch information available at this time.

The vulnerability allows attackers to compromise the integrity and availability of the GPS location data reported by the affected infotainment system. This can lead to incorrect navigation information, potentially causing safety risks or operational disruptions. There is no impact on confidentiality reported. No known exploits are currently active in the wild.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, users should be cautious about relying on GPS data from the affected device and consider alternative navigation methods. Monitoring for vendor updates is recommended.