ZDI-25-763: (0Day) (Pwn2Own) Alpine iLX-507 CarPlay Stack-based Buffer Overflow Code Execution Vulnerability
This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Alpine iLX-507 devices. Authentication is not...
02/08/2025 Zero-Day Initiative

ZDI-25-762: (0Day) (Pwn2Own) Alpine iLX-507 UPDM_wstpCBCUpdStart Command Injection Vulnerability
This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Alpine iLX-507 devices. Authentication is not...
02/08/2025 Zero-Day Initiative

ZDI-25-761: (0Day) (Pwn2Own) Alpine iLX-507 vCard Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Alpine iLX-507 devices. User interaction is required...
02/08/2025 Zero-Day Initiative

ZDI-25-760: (Pwn2Own) QNAP TS-464 rsync Daemon Command Injection Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of QNAP TS-464 devices. Authentication is not required...
02/08/2025 Zero-Day Initiative

ZDI-25-759: (Pwn2Own) QNAP TS-464 Log Tool SQL Injection Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of QNAP TS-464 devices. Authentication is not required...
02/08/2025 Zero-Day Initiative

ZDI-25-758: (Pwn2Own) QNAP TS-464 Samba Command Argument Injection Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of QNAP TS-464 devices. Authentication is not required...
02/08/2025 Zero-Day Initiative

ZDI-25-757: (Pwn2Own) QNAP QHora-322 tar Command Injection Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of QNAP QHora-322 routers. Authentication is not required...
02/08/2025 Zero-Day Initiative

ZDI-25-756: (Pwn2Own) QNAP QHora-322 Improper Restriction of Communication Channel to Intended Endpoints Vulnerability
This vulnerability allows network-adjacent attackers to access the management interface on affected installations of QNAP QHora-322 routers. Authentication is not...
02/08/2025 Zero-Day Initiative

ZDI-25-755: (Pwn2Own) QNAP QHora-322 qsyslog-cli username Format String Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of QNAP QHora-322 routers. Authentication is not required...
02/08/2025 Zero-Day Initiative

ZDI-25-754: (Pwn2Own) QNAP TS-464 privWizard.cgi Authentication CRLF Injection Privilege Escalation Vulnerability
This vulnerability allows network-adjacent attackers to escalate privileges on affected installations of QNAP TS-464 devices. Although authentication is required to...
02/08/2025 Zero-Day Initiative