CVE-2025-8473 in iLX-507informazioni

Riassunto

di MITRE • 01/08/2025

Alpine iLX-507 UPDM_wstpCBCUpdStart Command Injection Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Alpine iLX-507 devices. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the UPDM_wstpCBCUpdStart function. The issue results from the lack of proper validation of user-supplied data before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-26317.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Responsabile

Zdi

Prenotare

01/08/2025

Divulgazione

01/08/2025

Moderazione

accettato

CPE

pronto

EPSS

0.00701

KEV

no

Attività

molto basso

Fonti

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!