ZDI-24-849: (Pwn2Own) Alpine Halo9 UPDM_wemCmdUpdFSpeDecomp Command Injection Remote Code Execution Vulnerability
First published: Fri Jun 21 2024(Updated: )
This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Alpine Halo9 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UPDM_wemCmdUpdFSpeDecomp function. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Alpine Halo9 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of ZDI-24-849?
The severity of ZDI-24-849 is critical due to its potential to allow arbitrary code execution without authentication.
How do I fix ZDI-24-849?
To fix ZDI-24-849, update the Alpine Halo9 devices to the latest firmware that addresses this vulnerability.
What types of attacks can ZDI-24-849 enable?
ZDI-24-849 can enable physical attackers to execute arbitrary commands on the affected devices without prior authentication.
Who is affected by ZDI-24-849?
ZDI-24-849 affects installations of the Alpine Halo9 devices.
Is authentication required to exploit ZDI-24-849?
No, authentication is not required to exploit ZDI-24-849.
- collector/zdi-published
- source/ZDI
- alias/ZDI-CAN-23306
- agent/last-modified-date
- agent/title
- agent/type
- agent/first-publish-date
- agent/severity
- agent/references
- agent/description
- collector/zdi-advisory
- alias/ZDI-24-849
- alias/CVE-2024-23961
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/event
- agent/trending
- agent/tags
- agent/source
- vendor/alpine
- canonical/alpine halo9