4 matches found
CVE-2025-2764
CarlinKit CPC200-CCPA update.cgi Improper Verification of Cryptographic Signature Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of CarlinKit CPC200-CCPA devices. Although authentication is required to exploit...
CVE-2025-2764 CarlinKit CPC200-CCPA update.cgi Improper Verification of Cryptographic Signature Code Execution Vulnerability
CarlinKit CPC200-CCPA update.cgi Improper Verification of Cryptographic Signature Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of CarlinKit CPC200-CCPA devices. Although authentication is required to exploit...
CVE-2025-2764
The CVE-2025-2764 entry concerns CarlinKit CPC200-CCPA, specifically the update.cgi handler. The flaw is improper verification of cryptographic signatures on update packages, allowing code execution in the root context when a package is processed. Exploitation is described as network-adjacent wit...
CVE-2025-2764
creationtimestamp| type| source ---|---|--- 2025-03-25 04:00:00+00:00| seen| http://www.zerodayinitiative.com/advisories/ZDI-25-178/ 2025-04-23 19:48:33+00:00| seen| https://mastodon.social/users/CyberSignaler/statuses/114389005957491891 2025-04-23 20:14:31+00:00| seen|...