GCVE - cpe:2.3:h:alpsalpine:ilx-507:-:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:h:alpsalpine:ilx-507:-:*:*:*:*:*:*:*

part: h version: - update: *

Vendor	Alpsalpine (`24cc8c24-d950-5488-b072-b4c1cb9c4cbd`)
Product	Ilx 507 (`a66af794-89cf-5d60-81dd-a7227a53dd78`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2025-8480`	not_vulnerable	2026-06-08 07:45:20.628251	Alpine iLX-507 Command Injection Remote Code Execution HIGH (8) Alpine iLX-507 Command Injection Remote Code Execution. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Alpine iLX-507 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Tidal music streaming application. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-26357. Published: 2025-08-01T17:38:45.894Z Updated: 2025-08-07T16:06:00.334Z Open on db.gcve.eu Reference links https://www.zerodayinitiative.com/advisories/ZDI-25-766/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-8477`	not_vulnerable	2026-06-08 07:45:20.624714	Alpine iLX-507 vCard Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability HIGH (7.4) Alpine iLX-507 vCard Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Alpine iLX-507 devices. User interaction is required to exploit this vulnerability in that the target must connect to a malicious Bluetooth device. The specific flaw exists within the parsing of vCard data. The issue results from the lack of proper validation of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-26324. Published: 2025-08-01T17:38:48.758Z Updated: 2025-08-01T18:12:28.740Z Open on db.gcve.eu Reference links https://www.zerodayinitiative.com/advisories/ZDI-25-767/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-8476`	not_vulnerable	2026-06-08 07:45:20.624361	Alpine iLX-507 TIDAL Improper Certificate Validation Vulnerability HIGH (7.1) Alpine iLX-507 TIDAL Improper Certificate Validation Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Alpine iLX-507 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the TIDAL music streaming application. The issue results from improper certificate validation. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-26322. Published: 2025-08-01T17:38:41.443Z Updated: 2025-08-01T18:53:13.566Z Open on db.gcve.eu Reference links https://www.zerodayinitiative.com/advisories/ZDI-25-765/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-8475`	not_vulnerable	2026-06-08 07:45:20.623889	Alpine iLX-507 AVRCP Stack-based Buffer Overflow Remote Code Execution Vulnerability HIGH (7.4) Alpine iLX-507 AVRCP Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Alpine iLX-507 devices. User interaction is required to exploit this vulnerability in that the target must connect to a malicious Bluetooth device. The specific flaw exists within the implementation of the AVRCP protocol. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-26321. Published: 2025-08-01T17:38:37.709Z Updated: 2025-08-01T18:54:17.404Z Open on db.gcve.eu Reference links https://www.zerodayinitiative.com/advisories/ZDI-25-764/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-8474`	not_vulnerable	2026-06-08 07:45:20.623394	Alpine iLX-507 CarPlay Stack-based Buffer Overflow Code Execution Vulnerability MEDIUM (6.8) Alpine iLX-507 CarPlay Stack-based Buffer Overflow Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Alpine iLX-507 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the Apple CarPlay protocol. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-26318. Published: 2025-08-01T17:38:34.112Z Updated: 2025-08-01T19:04:16.692Z Open on db.gcve.eu Reference links https://www.zerodayinitiative.com/advisories/ZDI-25-763/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-8473`	not_vulnerable	2026-06-08 07:45:20.622954	db.gcve.eu details were skipped to keep the page responsive. Open on db.gcve.eu	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-8472`	not_vulnerable	2026-06-08 07:45:20.622435	db.gcve.eu details were skipped to keep the page responsive. Open on db.gcve.eu	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.