3 matches found
CVE-2025-2765
CarlinKit CPC200-CCPA Wireless Hotspot Hard-Coded Credentials Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of CarlinKit CPC200-CCPA devices. Authentication is not required to exploit this vulnerability...
CVE-2025-2763
CVE-2025-2763 concerns CarlinKit CPC200-CCPA devices where the update package handling over USB lacks proper cryptographic signature verification. The flaw allows physically present attackers to execute arbitrary as root code without authentication, via update packages, per ZDI and Red Hat/NVD/NV...
CVE-2025-2762
CVE-2025-2762 affects CarlinKit CPC200-CCPA. The flaw is due to misconfiguration of the SoC hardware root of trust, enabling local privilege escalation and the execution of arbitrary code in the boot context once an attacker gains low-privilege code execution. Reported details indicate the vulner...