ZDI-25-767: (0Day) (Pwn2Own) Alpine iLX-507 vCard Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Alpine iLX-507 devices. User interaction is required to exploit... 02/08/2025 Zero-Day Initiative
ZDI-25-766: (0Day) (Pwn2Own) Alpine iLX-507 Command Injection Remote Code Execution This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Alpine iLX-507 devices. Authentication is not required... 02/08/2025 Zero-Day Initiative
ZDI-25-765: (0Day) (Pwn2Own) Alpine iLX-507 TIDAL Improper Certificate Validation Vulnerability This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Alpine iLX-507 devices. Authentication is not required... 02/08/2025 Zero-Day Initiative
ZDI-25-764: (0Day) (Pwn2Own) Alpine iLX-507 AVRCP Stack-based Buffer Overflow Remote Code Execution Vulnerability This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Alpine iLX-507 devices. User interaction is required... 02/08/2025 Zero-Day Initiative
ZDI-25-763: (0Day) (Pwn2Own) Alpine iLX-507 CarPlay Stack-based Buffer Overflow Code Execution Vulnerability This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Alpine iLX-507 devices. Authentication is not... 02/08/2025 Zero-Day Initiative
ZDI-25-762: (0Day) (Pwn2Own) Alpine iLX-507 UPDM_wstpCBCUpdStart Command Injection Vulnerability This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Alpine iLX-507 devices. Authentication is not... 02/08/2025 Zero-Day Initiative
ZDI-25-761: (0Day) (Pwn2Own) Alpine iLX-507 vCard Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Alpine iLX-507 devices. User interaction is required... 02/08/2025 Zero-Day Initiative
ZDI-25-760: (Pwn2Own) QNAP TS-464 rsync Daemon Command Injection Remote Code Execution Vulnerability This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of QNAP TS-464 devices. Authentication is not required... 02/08/2025 Zero-Day Initiative
ZDI-25-759: (Pwn2Own) QNAP TS-464 Log Tool SQL Injection Remote Code Execution Vulnerability This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of QNAP TS-464 devices. Authentication is not required... 02/08/2025 Zero-Day Initiative
ZDI-25-758: (Pwn2Own) QNAP TS-464 Samba Command Argument Injection Vulnerability This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of QNAP TS-464 devices. Authentication is not required... 02/08/2025 Zero-Day Initiative
