VYPR

Halo9

by Alpine

CVEs (7)

  • CVE-2024-23923HigSep 28, 2024
    risk 0.57cvss 8.8epss 0.01

    Alpine Halo9 prh_l2_sar_data_ind Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Alpine Halo9 devices. Authentication is not required to exploit this vulnerability. …

  • CVE-2024-23963HigJan 31, 2025
    risk 0.52cvss 8.0epss 0.00

    This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Alpine Halo9 devices. An attacker must first obtain the ability to pair a malicious Bluetooth device with the target system in order to exploit this vulnerability. The…

  • CVE-2024-23935HigSep 28, 2024
    risk 0.52cvss 8.0epss 0.00

    Alpine Halo9 DecodeUTF7 Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Alpine Halo9 devices. An attacker must first obtain the ability to pair a…

  • CVE-2024-23961MedSep 28, 2024
    risk 0.44cvss 6.8epss 0.01

    Alpine Halo9 UPDM_wemCmdUpdFSpeDecomp Command Injection Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Alpine Halo9 devices. Authentication is not required to exploit this…

  • CVE-2024-23924MedSep 28, 2024
    risk 0.44cvss 6.8epss 0.01

    Alpine Halo9 UPDM_wemCmdCreatSHA256Hash Command Injection Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Alpine Halo9 devices. Authentication is not required to exploit this…

  • CVE-2024-23962MedJan 31, 2025
    risk 0.35cvss 5.3epss 0.01

    This vulnerability allows remote attackers to disclose sensitive information on affected installations of Alpine Halo9 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DLT interface, which listens on TCP port 3490 by…

  • CVE-2024-23960MedSep 28, 2024
    risk 0.30cvss 4.6epss 0.00

    Alpine Halo9 Improper Verification of Cryptographic Signature Vulnerability. This vulnerability allows physically present attackers to bypass signature validation mechanism on affected installations of Alpine Halo9 devices. Authentication is not required to exploit this…