37 matches found
CVE-2025-2764 CarlinKit CPC200-CCPA update.cgi Improper Verification of Cryptographic Signature Code Execution Vulnerability
CarlinKit CPC200-CCPA update.cgi Improper Verification of Cryptographic Signature Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of CarlinKit CPC200-CCPA devices. Although authentication is required to exploit...
CVE-2025-2763 CarlinKit CPC200-CCPA Improper Verification of Cryptographic Signature Code Execution Vulnerability
CarlinKit CPC200-CCPA Improper Verification of Cryptographic Signature Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of CarlinKit CPC200-CCPA devices. Authentication is not required to exploit this...
CVE-2025-2763 CarlinKit CPC200-CCPA Improper Verification of Cryptographic Signature Code Execution Vulnerability
CarlinKit CPC200-CCPA Improper Verification of Cryptographic Signature Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of CarlinKit CPC200-CCPA devices. Authentication is not required to exploit this...
CVE-2025-2763
CVE-2025-2763 concerns CarlinKit CPC200-CCPA devices where the update package handling over USB lacks proper cryptographic signature verification. The flaw allows physically present attackers to execute arbitrary as root code without authentication, via update packages, per ZDI and Red Hat/NVD/NV...
CVE-2025-2762 CarlinKit CPC200-CCPA Missing Root of Trust Local Privilege Escalation Vulnerability
CarlinKit CPC200-CCPA Missing Root of Trust Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of CarlinKit CPC200-CCPA devices. An attacker must first obtain the ability to execute low-privileged code on the target...
CVE-2025-2762
CVE-2025-2762 affects CarlinKit CPC200-CCPA. The flaw is due to misconfiguration of the SoC hardware root of trust, enabling local privilege escalation and the execution of arbitrary code in the boot context once an attacker gains low-privilege code execution. Reported details indicate the vulner...
CVE-2025-2762 CarlinKit CPC200-CCPA Missing Root of Trust Local Privilege Escalation Vulnerability
CarlinKit CPC200-CCPA Missing Root of Trust Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of CarlinKit CPC200-CCPA devices. An attacker must first obtain the ability to execute low-privileged code on the target...
CarlinKit CPC200-CCPA 数据伪造问题漏洞
CarlinKit CPC200-CCPA is a wireless CarPlay and Android Auto adapter from CarlinKit. The CarlinKit CPC200-CCPA suffers from a Data Forgery Issue vulnerability that stems from update.cgi processing update packages without verifying cryptographic signatures, which could lead to arbitrary code...
CarlinKit CPC200-CCPA 信任管理问题漏洞
The CarlinKit CPC200-CCPA is a wireless CarPlay and Android Auto adapter from CarlinKit. The CarlinKit CPC200-CCPA suffers from a trust management issue vulnerability that stems from the use of hard-coded credentials in wireless hotspots, which could lead to authentication bypass...
CarlinKit CPC200-CCPA 数据伪造问题漏洞
The CarlinKit CPC200-CCPA is a wireless CarPlay and Android Auto adapter from CarlinKit. The CarlinKit CPC200-CCPA suffers from a Data Forgery Issue vulnerability that stems from a failure to validate cryptographic signatures during USB update packet processing, which could lead to arbitrary code...
(0Day) CarlinKit CPC200-CCPA Wireless Hotspot Hard-Coded Credentials Authentication Bypass Vulnerability
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of CarlinKit CPC200-CCPA devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of the wireless hotspot. The issue results from...
PT-2025-12839 · Carlinkit · Carlinkit Cpc200-Ccpa
Name of the Vulnerable Software and Affected Versions: CarlinKit CPC200-CCPA affected versions not specified Description: The issue is related to an improper verification of cryptographic signature, which can lead to code execution. Recommendations: At the moment, there is no information about a...
(0Day) CarlinKit CPC200-CCPA Improper Verification of Cryptographic Signature Code Execution Vulnerability
This vulnerability allows physically present attackers to execute arbitrary code on affected installations of CarlinKit CPC200-CCPA devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of update packages on USB drives. The issue resul...
PT-2025-12840 · Unknown · Carlinkit Cpc200-Ccpa
Name of the Vulnerable Software and Affected Versions: CarlinKit CPC200-CCPA affected versions not specified Description: The issue concerns an improper verification of cryptographic signature, potentially leading to code execution. This has been identified in the update.cgi component...
PT-2025-12841 · Carlinkit · Carlinkit Cpc200-Ccpa Wireless Hotspot
Name of the Vulnerable Software and Affected Versions: CarlinKit CPC200-CCPA Wireless Hotspot affected versions not specified Description: The issue concerns a hard-coded credentials authentication bypass vulnerability in the CarlinKit CPC200-CCPA Wireless Hotspot. This allows for unauthorized...
PT-2025-12838 · Carlinkit · Carlinkit Cpc200-Ccpa
Name of the Vulnerable Software and Affected Versions: CarlinKit CPC200-CCPA affected versions not specified Description: The issue is related to a Missing Root of Trust Local Privilege Escalation. It allows for local privilege escalation. Recommendations: At the moment, there is no information...
(0Day) CarlinKit CPC200-CCPA Missing Root of Trust Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of CarlinKit CPC200-CCPA devices. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...