cvebase

Alpine Halo9 vulnerabilities

7 known vulnerabilities affecting alpine/halo9.

Total CVEs: 7
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 3, MEDIUM 4

Vulnerabilities

CVE-2024-23923 | P2 | HIGH | CVSS 8.8 | v6.0.000 | 2024-09-28
CWE-416: Alpine Halo9 prh_l2_sar_data_ind Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Alpine Halo9 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the prh_l2_sar_data_ind function. The issue
Source: NVD

CVE-2024-23935 | P3 | HIGH | CVSS 7.5 | v6.0.000 | 2024-09-28
CWE-121: Alpine Halo9 DecodeUTF7 Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Alpine Halo9 devices. An attacker must first obtain the ability to pair a malicious Bluetooth device with the target system in order to exploit this vulnera
Source: NVD

CVE-2024-23963 | P3 | HIGH | CVSS 8.0 | all versions | 2025-01-31
CWE-94: This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Alpine Halo9 devices. An attacker must first obtain the ability to pair a malicious Bluetooth device with the target system in order to exploit this vulnerability. The specific flaw exists within the PBAP_DecodeVCARD function. The issue results
Source: NVD

CVE-2024-23924 | P3 | MEDIUM | CVSS 6.8 | v6.0.000 | 2024-09-28
CWE-78: Alpine Halo9 UPDM_wemCmdCreatSHA256Hash Command Injection Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Alpine Halo9 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UPDM_wemCmdCreatSHA256Hash
Source: NVD

CVE-2024-23961 | P3 | MEDIUM | CVSS 6.8 | v6.0.000 | 2024-09-28
CWE-78: Alpine Halo9 UPDM_wemCmdUpdFSpeDecomp Command Injection Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Alpine Halo9 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UPDM_wemCmdUpdFSpeDecomp fun
Source: NVD

CVE-2024-23962 | P3 | MEDIUM | CVSS 5.3 | all versions | 2025-01-31
CWE-200: This vulnerability allows remote attackers to disclose sensitive information on affected installations of Alpine Halo9 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DLT interface, which listens on TCP port 3490 by default. The issue results from the lack of authentication prior to allowin
Source: NVD

CVE-2024-23960 | P4 | MEDIUM | CVSS 4.6 | v6.0.000 | 2024-09-28
CWE-347: Alpine Halo9 Improper Verification of Cryptographic Signature Vulnerability. This vulnerability allows physically present attackers to bypass signature validation mechanism on affected installations of Alpine Halo9 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the firmware metadata signature
Source: NVD