Ilx F509 Firmware
Approved changes feed: RSS · Atom
cpe:2.3:o:alpsalpine:ilx-f509_firmware:*:*:*:*:*:*:*:*
part: o version: * update: *
| Vendor | Alpsalpine (24cc8c24-d950-5488-b072-b4c1cb9c4cbd) |
|---|---|
| Product | Ilx F509 Firmware (08d0a2a3-71b8-512b-b794-f5a6e4c7e1c6) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2024-23963 |
vulnerable | 2026-06-08 06:29:41.010976 |
Alpine Halo9 Stack-based Buffer Overflow
HIGH (8)
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Alpine Halo9 devices. An attacker must first obtain the ability to pair a malicious Bluetooth device with the target system in order to exploit this vulnerability.
The specific flaw exists within the PBAP_DecodeVCARD function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root.
Published: 2025-01-30T23:57:24.401Z
Updated: 2025-07-01T13:41:46.822Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-23962 |
vulnerable | 2026-06-08 06:29:41.010521 |
Alpine Halo9 Missing Authentication
MEDIUM (5.3)
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Alpine Halo9 devices. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the DLT interface, which listens on TCP port 3490 by default. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the device.
Published: 2025-01-30T23:53:33.224Z
Updated: 2025-07-01T13:43:07.238Z Reference links |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.