CVE-2024-23960

Alpine Halo9 Improper Verification of Cryptographic Signature Vulnerability. This vulnerability allows physically present attackers to bypass signature validation mechanism on affected installations of Alpine Halo9 devices. Authentication is not required to exploit this vulnerability. The specifi...

CVE-2024-23961

Alpine Halo9 UPDMwemCmdUpdFSpeDecomp Command Injection Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Alpine Halo9 devices. Authentication is not required to exploit this vulnerability. The specifi...

CVE-2024-23960

Alpine Halo9 Improper Verification of Cryptographic Signature Vulnerability. This vulnerability allows physically present attackers to bypass signature validation mechanism on affected installations of Alpine Halo9 devices. Authentication is not required to exploit this vulnerability. The specifi...

CVE-2024-23923

Alpine Halo9 prhl2sardataind Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Alpine Halo9 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists...

CVE-2024-23935

Alpine Halo9 DecodeUTF7 Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Alpine Halo9 devices. An attacker must first obtain the ability to pair a malicious Bluetooth device...

CVE-2024-23924

Alpine Halo9 UPDMwemCmdCreatSHA256Hash Command Injection Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Alpine Halo9 devices. Authentication is not required to exploit this vulnerability. The...

CVE-2024-23923

Alpine Halo9 prhl2sardataind Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Alpine Halo9 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists...

CVE-2024-23924

Alpine Halo9 UPDMwemCmdCreatSHA256Hash Command Injection Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Alpine Halo9 devices. Authentication is not required to exploit this vulnerability. The...

CVE-2024-23935

Alpine Halo9 DecodeUTF7 Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Alpine Halo9 devices. An attacker must first obtain the ability to pair a malicious Bluetooth device...

CVE-2024-23923 Alpine Halo9 prh_l2_sar_data_ind Use-After-Free Remote Code Execution Vulnerability

Alpine Halo9 prhl2sardataind Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Alpine Halo9 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists...

CVE-2024-23923

CVE-2024-23923 concerns Alpine Halo9 devices, where the prh_l2_sar_data_ind function has a Use-After-Free flaw that allows remote code execution. The issue arises from not validating the existence of an object before operating on it, enabling a network-adjacent attacker with no authentication to ...

CVE-2024-23923 Alpine Halo9 prh_l2_sar_data_ind Use-After-Free Remote Code Execution Vulnerability

Alpine Halo9 prhl2sardataind Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Alpine Halo9 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists...

CVE-2024-23960 Alpine Halo9 Improper Verification of Cryptographic Signature Vulnerability

Alpine Halo9 Improper Verification of Cryptographic Signature Vulnerability. This vulnerability allows physically present attackers to bypass signature validation mechanism on affected installations of Alpine Halo9 devices. Authentication is not required to exploit this vulnerability. The specifi...

CVE-2024-23960 Alpine Halo9 Improper Verification of Cryptographic Signature Vulnerability

Alpine Halo9 Improper Verification of Cryptographic Signature Vulnerability. This vulnerability allows physically present attackers to bypass signature validation mechanism on affected installations of Alpine Halo9 devices. Authentication is not required to exploit this vulnerability. The specifi...

CVE-2024-23960

CVE-2024-23960 concerns Alpine Halo9 devices with an improper verification of the firmware metadata cryptographic signature. The flaw is in the firmware metadata signature validation mechanism and allows physically present attackers to bypass signature validation without authentication, potential...

CVE-2024-23924 Alpine Halo9 UPDM_wemCmdCreatSHA256Hash Command Injection Remote Code Execution Vulnerability

Alpine Halo9 UPDMwemCmdCreatSHA256Hash Command Injection Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Alpine Halo9 devices. Authentication is not required to exploit this vulnerability. The...

CVE-2024-23924 Alpine Halo9 UPDM_wemCmdCreatSHA256Hash Command Injection Remote Code Execution Vulnerability

Alpine Halo9 UPDMwemCmdCreatSHA256Hash Command Injection Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Alpine Halo9 devices. Authentication is not required to exploit this vulnerability. The...

CVE-2024-23924

CVE-2024-23924 affects Alpine Halo9 devices, caused by a flaw in the UPDM_wemCmdCreatSHA256Hash function where a user-supplied string is not properly validated before a system call. This enables a remote code execution risk with root privileges if a physically present attacker can trigger it (att...

CVE-2024-23961 Alpine Halo9 UPDM_wemCmdUpdFSpeDecomp Command Injection Remote Code Execution Vulnerability

Alpine Halo9 UPDMwemCmdUpdFSpeDecomp Command Injection Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Alpine Halo9 devices. Authentication is not required to exploit this vulnerability. The specifi...

CVE-2024-23961 Alpine Halo9 UPDM_wemCmdUpdFSpeDecomp Command Injection Remote Code Execution Vulnerability

Alpine Halo9 UPDMwemCmdUpdFSpeDecomp Command Injection Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Alpine Halo9 devices. Authentication is not required to exploit this vulnerability. The specifi...