Description
Alpine iLX-507 UPDM_wstpCBCUpdStart Command Injection Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Alpine iLX-507 devices. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the UPDM_wstpCBCUpdStart function. The issue results from the lack of proper validation of user-supplied data before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-26317.
References
- Third Party Advisory
Vulnerable configurations
Simultaneously
EPSS
6.4 Medium
CVSS3
6.6 Medium
CVSS3
Defects
Related vulnerabilities
Alpine iLX-507 UPDM_wstpCBCUpdStart Command Injection Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Alpine iLX-507 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UPDM_wstpCBCUpdStart function. The issue results from the lack of proper validation of user-supplied data before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-26317.
Vulnerability in the UPDM_wstpCBCUpdStart() function of the Alpine iLX-507 car stereo that allows an attacker to execute arbitrary code in the context of the root user
EPSS
6.4 Medium
CVSS3
6.6 Medium
CVSS3