GCVE - cpe:2.3:a:alpine:ilx-507:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:alpine:ilx-507:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Alpine (`e65381bf-0992-54b2-9308-c54d704b1820`)
Product	Ilx 507 (`8441797c-8d42-55ef-8a0b-4924cb5423f3`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2025-8480`	vulnerable	2026-06-08 07:45:20.627935	Alpine iLX-507 Command Injection Remote Code Execution HIGH (8) Alpine iLX-507 Command Injection Remote Code Execution. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Alpine iLX-507 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Tidal music streaming application. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-26357. Published: 2025-08-01T17:38:45.894Z Updated: 2025-08-07T16:06:00.334Z Open on db.gcve.eu Reference links https://www.zerodayinitiative.com/advisories/ZDI-25-766/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-8477`	vulnerable	2026-06-08 07:45:20.624584	Alpine iLX-507 vCard Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability HIGH (7.4) Alpine iLX-507 vCard Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Alpine iLX-507 devices. User interaction is required to exploit this vulnerability in that the target must connect to a malicious Bluetooth device. The specific flaw exists within the parsing of vCard data. The issue results from the lack of proper validation of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-26324. Published: 2025-08-01T17:38:48.758Z Updated: 2025-08-01T18:12:28.740Z Open on db.gcve.eu Reference links https://www.zerodayinitiative.com/advisories/ZDI-25-767/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-8476`	vulnerable	2026-06-08 07:45:20.624209	Alpine iLX-507 TIDAL Improper Certificate Validation Vulnerability HIGH (7.1) Alpine iLX-507 TIDAL Improper Certificate Validation Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Alpine iLX-507 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the TIDAL music streaming application. The issue results from improper certificate validation. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-26322. Published: 2025-08-01T17:38:41.443Z Updated: 2025-08-01T18:53:13.566Z Open on db.gcve.eu Reference links https://www.zerodayinitiative.com/advisories/ZDI-25-765/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-8475`	vulnerable	2026-06-08 07:45:20.623632	Alpine iLX-507 AVRCP Stack-based Buffer Overflow Remote Code Execution Vulnerability HIGH (7.4) Alpine iLX-507 AVRCP Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Alpine iLX-507 devices. User interaction is required to exploit this vulnerability in that the target must connect to a malicious Bluetooth device. The specific flaw exists within the implementation of the AVRCP protocol. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-26321. Published: 2025-08-01T17:38:37.709Z Updated: 2025-08-01T18:54:17.404Z Open on db.gcve.eu Reference links https://www.zerodayinitiative.com/advisories/ZDI-25-764/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-8474`	vulnerable	2026-06-08 07:45:20.623337	Alpine iLX-507 CarPlay Stack-based Buffer Overflow Code Execution Vulnerability MEDIUM (6.8) Alpine iLX-507 CarPlay Stack-based Buffer Overflow Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Alpine iLX-507 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the Apple CarPlay protocol. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-26318. Published: 2025-08-01T17:38:34.112Z Updated: 2025-08-01T19:04:16.692Z Open on db.gcve.eu Reference links https://www.zerodayinitiative.com/advisories/ZDI-25-763/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-8473`	vulnerable	2026-06-08 07:45:20.622891	Alpine iLX-507 UPDM_wstpCBCUpdStart Command Injection Vulnerability MEDIUM (6.4) Alpine iLX-507 UPDM_wstpCBCUpdStart Command Injection Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Alpine iLX-507 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UPDM_wstpCBCUpdStart function. The issue results from the lack of proper validation of user-supplied data before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-26317. Published: 2025-08-01T17:38:30.138Z Updated: 2025-08-01T19:14:15.168Z Open on db.gcve.eu Reference links https://www.zerodayinitiative.com/advisories/ZDI-25-762/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-8472`	vulnerable	2026-06-08 07:45:20.621258	Alpine iLX-507 vCard Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability HIGH (7.4) Alpine iLX-507 vCard Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Alpine iLX-507 devices. User interaction is required to exploit this vulnerability in that the target must connect to a malicious Bluetooth device. The specific flaw exists within the parsing of vCard data. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute arbitrary code in the context of root. Was ZDI-CAN-26316. Published: 2025-08-01T17:38:26.172Z Updated: 2025-08-01T19:17:23.518Z Open on db.gcve.eu Reference links https://www.zerodayinitiative.com/advisories/ZDI-25-761/	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.