{"vulnerability": "CVE-2024-2396", "sightings": [{"uuid": "38341571-42a1-4ec9-89b2-64317094cf56", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23967", "type": "seen", "source": "https://www.thezdi.com/blog/2024/10/2/from-pwn2own-automotive-more-autel-maxicharger-vulnerabilities", "content": "", "creation_timestamp": "2024-10-03T16:05:14.000000Z"}, {"uuid": "00356530-d0f8-475b-afec-ba392438e976", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23968", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113919919472260315", "content": "", "creation_timestamp": "2025-01-30T23:33:43.237474Z"}, {"uuid": "29df93ab-ac39-4457-bce1-13f1718d393b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23969", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113919944476681044", "content": "", "creation_timestamp": "2025-01-30T23:40:03.113314Z"}, {"uuid": "23871200-8042-4e55-805c-b4fc7a723a75", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23968", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgypvemkf22h", "content": "", "creation_timestamp": "2025-01-31T00:17:10.313687Z"}, {"uuid": "82fa3205-2359-4062-838d-f693cc21fd14", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23969", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgypvh4n532j", "content": "", "creation_timestamp": "2025-01-31T00:17:13.148292Z"}, {"uuid": "1f5d2512-cdf3-4c18-9dc7-1b6e22bc1355", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23962", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113920014168270308", "content": "", "creation_timestamp": "2025-01-30T23:57:46.835599Z"}, {"uuid": "8ca696a5-a1bd-4286-b9aa-eca1c52bbe79", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23963", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113920092801770806", "content": "", "creation_timestamp": "2025-01-31T00:17:46.471609Z"}, {"uuid": "97206c6d-3426-4bf8-98fb-62eb92f7a4f2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23963", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113920073765596202", "content": "", "creation_timestamp": "2025-01-31T00:12:56.286984Z"}, {"uuid": "8e467c09-ea5e-4557-9a1f-a8bffe971422", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23962", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgypva3gtu2t", "content": "", "creation_timestamp": "2025-01-31T00:17:05.625466Z"}, {"uuid": "950fa814-c7be-4dc4-940c-3c6800e612d3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23969", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/3526", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-23969\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex charging stations. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the wlanchnllst function. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of root.\n\ud83d\udccf Published: 2025-01-31T00:30:45Z\n\ud83d\udccf Modified: 2025-01-31T00:30:45Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-23969\n2. https://www.zerodayinitiative.com/advisories/ZDI-24-1051", "creation_timestamp": "2025-01-31T01:12:05.000000Z"}, {"uuid": "e71b9591-8355-4c08-addc-cf2a2adbc3ec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23963", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/113924460848700654", "content": "", "creation_timestamp": "2025-01-31T18:48:39.209640Z"}, {"uuid": "e146c3af-cc91-42a0-9b50-9dae1d1d3da5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23963", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgypvcfiax2f", "content": "", "creation_timestamp": "2025-01-31T00:17:07.980283Z"}, {"uuid": "e51c94ec-cf40-4262-93ce-719d1af53339", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23968", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/113925405458034415", "content": "", "creation_timestamp": "2025-01-31T22:48:51.823560Z"}, {"uuid": "00ce8f56-8572-4588-97ee-ad75a8f23d74", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23962", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lgz2y3jfg425", "content": "", "creation_timestamp": "2025-01-31T03:35:41.385216Z"}, {"uuid": "5811c095-f96b-450c-9450-b958a09e1149", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23968", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lgz2y26z6v2w", "content": "", "creation_timestamp": "2025-01-31T03:35:35.064576Z"}, {"uuid": "96ef3797-8885-4865-9252-f83c8e467f2b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-2396", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lhulsdjdga22", "content": "", "creation_timestamp": "2025-02-11T02:18:26.253332Z"}, {"uuid": "2f7febe3-10d0-4b40-a9e0-e77460542bce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23968", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/3528", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-23968\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex charging stations. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the SrvrToSmSetAutoChnlListMsg function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root.\n\ud83d\udccf Published: 2025-01-31T00:30:44Z\n\ud83d\udccf Modified: 2025-01-31T00:30:45Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-23968\n2. https://www.zerodayinitiative.com/advisories/ZDI-24-1050", "creation_timestamp": "2025-01-31T01:12:06.000000Z"}, {"uuid": "e21cbe39-89d1-4e63-ae61-9809006f2f56", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23963", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/3540", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-23963\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Alpine Halo9 devices. An attacker must first obtain the ability to pair a malicious Bluetooth device with the target system in order to exploit this vulnerability.\n\nThe specific flaw exists within the PBAP_DecodeVCARD function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root.\n\ud83d\udccf Published: 2025-01-31T00:30:44Z\n\ud83d\udccf Modified: 2025-01-31T00:30:44Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-23963\n2. https://www.zerodayinitiative.com/advisories/ZDI-24-850", "creation_timestamp": "2025-01-31T01:12:22.000000Z"}, {"uuid": "530cf049-1bc6-4f7b-9370-48abaff664bd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23969", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/113924932011717210", "content": "", "creation_timestamp": "2025-01-31T20:48:27.438183Z"}, {"uuid": "7e80dfd2-8643-4408-9524-b21ecd8b1d6b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23963", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lgz2y35wqt2g", "content": "", "creation_timestamp": "2025-01-31T03:35:39.582597Z"}, {"uuid": "a34c00fe-fcbf-400a-9f13-c9592f59d4ed", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23969", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lgz2y3f26r2h", "content": "", "creation_timestamp": "2025-01-31T03:35:40.778707Z"}, {"uuid": "5969bd83-3e9e-49d1-a838-1abefc9ecdc2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23967", "type": "seen", "source": "https://t.me/itsec_news/4688", "content": "\u200b\u26a1\ufe0f\u041a\u0430\u043a \u0437\u0430\u043f\u0440\u0430\u0432\u0438\u0442\u044c \u044d\u043b\u0435\u043a\u0442\u0440\u043e\u043c\u043e\u0431\u0438\u043b\u044c \u0431\u0435\u0441\u043f\u043b\u0430\u0442\u043d\u043e? \u041f\u043e\u0434\u0441\u043a\u0430\u0437\u0430\u043b\u0438 \u0445\u0430\u043a\u0435\u0440\u044b \u0441 Pwn2Own\n\n\ud83d\udcac\u041d\u0430 \u0441\u043e\u0440\u0435\u0432\u043d\u043e\u0432\u0430\u043d\u0438\u0438 Pwn2Own Automotive 2024 \u0432 \u0422\u043e\u043a\u0438\u043e \u043a\u043e\u043c\u0430\u043d\u0434\u0430 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439 \u043f\u0440\u043e\u0434\u0435\u043c\u043e\u043d\u0441\u0442\u0440\u0438\u0440\u043e\u0432\u0430\u043b\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 \u0442\u0440\u0451\u0445 \u0440\u0430\u0437\u043b\u0438\u0447\u043d\u044b\u0445 \u0437\u0430\u0440\u044f\u0434\u043d\u044b\u0445 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430\u0445 \u0434\u043b\u044f \u044d\u043b\u0435\u043a\u0442\u0440\u043e\u043c\u043e\u0431\u0438\u043b\u0435\u0439: Autel MaxiCharger, ChargePoint Home Flex \u0438 JuiceBox 40. \u041e\u0434\u043d\u0438\u043c \u0438\u0437 \u0441\u0430\u043c\u044b\u0445 \u0438\u043d\u0442\u0435\u0440\u0435\u0441\u043d\u044b\u0445 \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442\u043e\u0432 \u0441\u0442\u0430\u043b\u043e \u0443\u0441\u043f\u0435\u0448\u043d\u043e\u0435 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u043a\u043e\u0434\u0430 \u043d\u0430 \u0437\u0430\u0440\u044f\u0434\u043d\u043e\u043c \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0435 Autel MaxiCharger (\u043c\u043e\u0434\u0435\u043b\u044c MAXI US AC W12-L-4G) \u0447\u0435\u0440\u0435\u0437 Bluetooth \u0431\u0435\u0437 \u0434\u043e\u043f\u043e\u043b\u043d\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0445 \u0443\u0441\u043b\u043e\u0432\u0438\u0439, \u043a\u0440\u043e\u043c\u0435 \u043d\u0430\u0445\u043e\u0436\u0434\u0435\u043d\u0438\u044f \u0432 \u0437\u043e\u043d\u0435 \u0435\u0433\u043e \u0434\u0435\u0439\u0441\u0442\u0432\u0438\u044f.\n\n\u0417\u0430\u0440\u044f\u0434\u043d\u043e\u0435 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u043e Autel MaxiCharger \u043e\u0431\u043b\u0430\u0434\u0430\u0435\u0442 \u043c\u043d\u043e\u0436\u0435\u0441\u0442\u0432\u043e\u043c \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u044b\u0445 \u0444\u0443\u043d\u043a\u0446\u0438\u0439, \u0442\u0430\u043a\u0438\u0445 \u043a\u0430\u043a Wi-Fi, Ethernet, Bluetooth, 4G LTE, RFID-\u0441\u0447\u0438\u0442\u044b\u0432\u0430\u0442\u0435\u043b\u044c \u0438 \u0441\u0435\u043d\u0441\u043e\u0440\u043d\u044b\u0439 \u044d\u043a\u0440\u0430\u043d. \u0412 \u0445\u043e\u0434\u0435 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043d\u0438\u044f \u043a\u043e\u043c\u0430\u043d\u0434\u0430 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0430 \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e \u0441\u0435\u0440\u044c\u0451\u0437\u043d\u044b\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439, \u0432\u043a\u043b\u044e\u0447\u0430\u044f \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u044c \u043e\u0431\u0445\u043e\u0434\u0430 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0447\u0435\u0440\u0435\u0437 Bluetooth ( CVE-2024-23958 ) \u0438 \u0434\u0432\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0445 \u043c\u0435\u0441\u0442\u0430 \u0432 \u0432\u0438\u0434\u0435 \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u0431\u0443\u0444\u0435\u0440\u0430 ( CVE-2024-23959 \u0438 CVE-2024-23967 ). \u042d\u0442\u0438 \u0431\u0430\u0433\u0438 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u043b\u0438 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043f\u043e\u043b\u043d\u044b\u0439 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044c \u043d\u0430\u0434 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u043e\u043c.\n\n\u0413\u043b\u0430\u0432\u043d\u043e\u0439 \u0441\u043b\u043e\u0436\u043d\u043e\u0441\u0442\u044c\u044e \u0434\u043b\u044f \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439 \u0431\u044b\u043b\u043e \u0438\u0437\u0432\u043b\u0435\u0447\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0448\u0438\u0432\u043a\u0438 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430. \u041a\u043e\u043c\u0430\u043d\u0434\u0430 \u043f\u0440\u0435\u0434\u043f\u0440\u0438\u043d\u044f\u043b\u0430 \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e \u043f\u043e\u043f\u044b\u0442\u043e\u043a, \u0447\u0442\u043e\u0431\u044b \u043f\u043e\u043d\u044f\u0442\u044c, \u043a\u0430\u043a \u043f\u0440\u043e\u0438\u0441\u0445\u043e\u0434\u0438\u0442 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0447\u0435\u0440\u0435\u0437 \u043c\u043e\u0431\u0438\u043b\u044c\u043d\u043e\u0435 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0435 \u0438 Bluetooth. \u041e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u0432, \u0447\u0442\u043e \u0441\u0441\u044b\u043b\u043a\u0438 \u0434\u043b\u044f \u0441\u043a\u0430\u0447\u0438\u0432\u0430\u043d\u0438\u044f \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439 \u043e\u0431\u0444\u0443\u0441\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u044b, \u0445\u0430\u043a\u0435\u0440\u044b \u0441\u043c\u043e\u0433\u043b\u0438 \u0440\u0430\u0441\u0448\u0438\u0444\u0440\u043e\u0432\u0430\u0442\u044c \u0438\u0445 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u043c\u0435\u0442\u043e\u0434\u0430 \u043f\u043e\u0434\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0438 \u0441\u0438\u043c\u0432\u043e\u043b\u043e\u0432, \u0447\u0442\u043e \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u043b\u043e \u0438\u043c \u0441\u043a\u0430\u0447\u0430\u0442\u044c \u043f\u0440\u043e\u0448\u0438\u0432\u043a\u0443 \u0438 \u043d\u0430\u0447\u0430\u0442\u044c \u0430\u043d\u0430\u043b\u0438\u0437.\n\n\u0412 \u0445\u043e\u0434\u0435 \u0430\u043d\u0430\u043b\u0438\u0437\u0430 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u0432\u044b\u044f\u0432\u0438\u043b\u0438 \u0431\u0430\u0433 \u0432 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u0435 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0447\u0435\u0440\u0435\u0437 Bluetooth, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u043b \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0437\u0430\u0440\u0430\u043d\u0435\u0435 \u0432\u0441\u0442\u0440\u043e\u0435\u043d\u043d\u044b\u0439 \u0432 \u043f\u0440\u043e\u0448\u0438\u0432\u043a\u0443 \u043a\u043e\u0434 \u0434\u043b\u044f \u043e\u0431\u0445\u043e\u0434\u0430 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u043f\u043e\u0434\u043b\u0438\u043d\u043d\u043e\u0441\u0442\u0438. \u042d\u0442\u043e \u043e\u0437\u043d\u0430\u0447\u0430\u043b\u043e, \u0447\u0442\u043e \u043b\u044e\u0431\u043e\u0435 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u043e \u0432 \u0437\u043e\u043d\u0435 \u0434\u0435\u0439\u0441\u0442\u0432\u0438\u044f Bluetooth \u043c\u043e\u0433\u043b\u043e \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0438\u0442\u044c\u0441\u044f \u043a \u0437\u0430\u0440\u044f\u0434\u043d\u043e\u043c\u0443 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0443 \u0431\u0435\u0437 \u0432\u0432\u043e\u0434\u0430 \u043a\u043e\u0434\u0430 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438.\n\n\u0422\u0430\u043a\u0436\u0435 \u0431\u044b\u043b\u0430 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0435 \u0434\u0430\u043d\u043d\u044b\u0445 \u0447\u0435\u0440\u0435\u0437 Bluetooth, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u043b\u0430 \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u0431\u0443\u0444\u0435\u0440\u0430 \u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434 \u043d\u0430 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0435. \u0417\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u043c\u043e\u0433, \u043d\u0430\u043f\u0440\u0438\u043c\u0435\u0440, \u043f\u0435\u0440\u0435\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u043e \u0434\u043b\u044f \u0440\u0430\u0431\u043e\u0442\u044b \u0432\u043d\u0435 \u0435\u0433\u043e \u0441\u0442\u0430\u043d\u0434\u0430\u0440\u0442\u043d\u044b\u0445 \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u043e\u0432 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438, \u0447\u0442\u043e \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u043c\u043e\u0433\u043b\u043e \u043d\u0430\u043d\u0435\u0441\u0442\u0438 \u0443\u0449\u0435\u0440\u0431 \u0430\u0432\u0442\u043e\u043c\u043e\u0431\u0438\u043b\u044e \u0438\u043b\u0438 \u0437\u0430\u0440\u044f\u0434\u043d\u043e\u043c\u0443 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0443.\n\n\u0418\u043d\u0442\u0435\u0440\u0435\u0441\u043d\u043e, \u0447\u0442\u043e Autel MaxiCharger \u043e\u0431\u043b\u0430\u0434\u0430\u0435\u0442 \u0444\u0443\u043d\u043a\u0446\u0438\u0435\u0439, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0435\u0439 \u0432\u043b\u0430\u0434\u0435\u043b\u044c\u0446\u0443 \u043f\u0440\u0435\u0434\u043b\u0430\u0433\u0430\u0442\u044c \u0441\u0432\u043e\u0435 \u0437\u0430\u0440\u044f\u0434\u043d\u043e\u0435 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u043e \u0434\u043b\u044f \u043e\u0431\u0449\u0435\u0433\u043e \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u044f, \u0441 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u044c\u044e \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u044f \u0432\u043e\u0437\u043c\u0435\u0449\u0435\u043d\u0438\u044f \u0437\u0430 \u043f\u043e\u0442\u0440\u0435\u0431\u043b\u044f\u0435\u043c\u0443\u044e \u044d\u043d\u0435\u0440\u0433\u0438\u044e. \u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u043e\u0442\u043c\u0435\u0442\u0438\u043b\u0438, \u0447\u0442\u043e \u0432\u0437\u043b\u043e\u043c \u0442\u0430\u043a\u043e\u0433\u043e \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u043c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u043e\u0442\u0447\u0451\u0442\u0430\u043c\u0438 \u043e \u043f\u043e\u0442\u0440\u0435\u0431\u043b\u0435\u043d\u0438\u0438 \u044d\u043d\u0435\u0440\u0433\u0438\u0438, \u0447\u0442\u043e \u043e\u0442\u043a\u0440\u044b\u0432\u0430\u0435\u0442 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u0438 \u0434\u043b\u044f \u043c\u043e\u0448\u0435\u043d\u043d\u0438\u0447\u0435\u0441\u0442\u0432\u0430.\n\n\u0412 \u0437\u0430\u0432\u0435\u0440\u0448\u0435\u043d\u0438\u0435 \u0441\u0432\u043e\u0435\u0433\u043e \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043d\u0438\u044f \u043a\u043e\u043c\u0430\u043d\u0434\u0430 \u043e\u0442\u043c\u0435\u0442\u0438\u043b\u0430, \u0447\u0442\u043e \u043c\u043d\u043e\u0433\u0438\u0435 \u0437\u0430\u0440\u044f\u0434\u043d\u044b\u0435 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430 \u0434\u043b\u044f \u044d\u043b\u0435\u043a\u0442\u0440\u043e\u043c\u043e\u0431\u0438\u043b\u0435\u0439 \u043e\u0431\u043b\u0430\u0434\u0430\u044e\u0442 \u043c\u043d\u043e\u0436\u0435\u0441\u0442\u0432\u043e\u043c \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0430\u0435\u043c\u044b\u0445 \u0444\u0443\u043d\u043a\u0446\u0438\u0439, \u0447\u0442\u043e \u0434\u0435\u043b\u0430\u0435\u0442 \u0438\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u043c\u0438 \u0434\u043b\u044f \u0440\u0430\u0437\u043b\u0438\u0447\u043d\u043e\u0433\u043e \u0440\u043e\u0434\u0430 \u0430\u0442\u0430\u043a. \u041d\u0435\u0441\u043c\u043e\u0442\u0440\u044f \u043d\u0430 \u0442\u043e, \u0447\u0442\u043e \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u044f Autel \u043e\u043f\u0435\u0440\u0430\u0442\u0438\u0432\u043d\u043e \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u043f\u0430\u0442\u0447\u0438, \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u043f\u043e\u0434\u0447\u0435\u0440\u043a\u043d\u0443\u043b\u0438 \u0432\u0430\u0436\u043d\u043e\u0441\u0442\u044c \u0440\u0435\u0433\u0443\u043b\u044f\u0440\u043d\u043e\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u043f\u0440\u043e\u0448\u0438\u0432\u043a\u0438 \u0438 \u0442\u0449\u0430\u0442\u0435\u043b\u044c\u043d\u043e\u0439 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432 \u043d\u0430 \u043d\u0430\u043b\u0438\u0447\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439.\n\n\u0412 \u0431\u0443\u0434\u0443\u0449\u0435\u043c \u043f\u043e\u0434\u043e\u0431\u043d\u044b\u0435 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043d\u0438\u044f \u043f\u043e\u043c\u043e\u0433\u0443\u0442 \u0443\u0441\u0438\u043b\u0438\u0442\u044c \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u044c \u0438\u043d\u0444\u0440\u0430\u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u044b \u0437\u0430\u0440\u044f\u0434\u043a\u0438 \u044d\u043b\u0435\u043a\u0442\u0440\u043e\u043c\u043e\u0431\u0438\u043b\u0435\u0439 \u0438 \u043f\u0440\u0435\u0434\u043e\u0442\u0432\u0440\u0430\u0442\u0438\u0442\u044c \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u0430\u0442\u0430\u043a\u0438, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043c\u043e\u0433\u0443\u0442 \u043f\u043e\u0432\u043b\u0438\u044f\u0442\u044c \u043a\u0430\u043a \u043d\u0430 \u0432\u043b\u0430\u0434\u0435\u043b\u044c\u0446\u0435\u0432 \u044d\u043b\u0435\u043a\u0442\u0440\u043e\u043c\u043e\u0431\u0438\u043b\u0435\u0439, \u0442\u0430\u043a \u0438 \u043d\u0430 \u0446\u0435\u043b\u044b\u0435 \u0433\u043e\u0440\u043e\u0434\u0441\u043a\u0438\u0435 \u044d\u043d\u0435\u0440\u0433\u043e\u0441\u0438\u0441\u0442\u0435\u043c\u044b.\n\n\ud83d\udd14 ITsec NEWS", "creation_timestamp": "2024-09-10T16:39:28.000000Z"}, {"uuid": "c4817cf6-ac40-4855-88e9-069ddf093de2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23962", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/3541", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-23962\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: This vulnerability allows remote attackers to disclose sensitive information on affected installations of Alpine Halo9 devices. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the DLT interface, which listens on TCP port 3490 by default. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the device.\n\ud83d\udccf Published: 2025-01-31T00:30:44Z\n\ud83d\udccf Modified: 2025-01-31T00:30:44Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-23962\n2. https://www.zerodayinitiative.com/advisories/ZDI-24-847", "creation_timestamp": "2025-01-31T01:12:26.000000Z"}, {"uuid": "46bcae37-afec-4428-8b1d-cf2e390692ea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23962", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/19956", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-23962\n\ud83d\udd25 CVSS Score: 5.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\ud83d\udd39 Description: This vulnerability allows remote attackers to disclose sensitive information on affected installations of Alpine Halo9 devices. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the DLT interface, which listens on TCP port 3490 by default. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the device.\n\ud83d\udccf Published: 2025-01-30T23:53:33.224Z\n\ud83d\udccf Modified: 2025-06-30T17:34:07.761Z\n\ud83d\udd17 References:\n1. https://www.zerodayinitiative.com/advisories/ZDI-24-847/", "creation_timestamp": "2025-06-30T18:08:12.000000Z"}, {"uuid": "84e4a612-5616-43e3-a6b8-930479d40bc5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23968", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/19952", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-23968\n\ud83d\udd25 CVSS Score: 8.8 (cvssV3_1, Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex charging stations. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the SrvrToSmSetAutoChnlListMsg function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root.\n\ud83d\udccf Published: 2025-01-30T23:31:40.396Z\n\ud83d\udccf Modified: 2025-06-30T17:51:22.860Z\n\ud83d\udd17 References:\n1. https://www.zerodayinitiative.com/advisories/ZDI-24-1050/", "creation_timestamp": "2025-06-30T18:08:05.000000Z"}, {"uuid": "cd6df9ef-b9ca-4cc0-84bd-c3493118e9e8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23969", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/19953", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-23969\n\ud83d\udd25 CVSS Score: 8.8 (cvssV3_1, Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex charging stations. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the wlanchnllst function. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of root.\n\ud83d\udccf Published: 2025-01-30T23:37:22.462Z\n\ud83d\udccf Modified: 2025-06-30T17:49:02.959Z\n\ud83d\udd17 References:\n1. https://www.zerodayinitiative.com/advisories/ZDI-24-1051/", "creation_timestamp": "2025-06-30T18:08:06.000000Z"}, {"uuid": "102765bb-7725-4fbe-bcc8-9f16306a9e62", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23963", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/19957", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-23963\n\ud83d\udd25 CVSS Score: 8 (cvssV3_1, Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Alpine Halo9 devices. An attacker must first obtain the ability to pair a malicious Bluetooth device with the target system in order to exploit this vulnerability.\n\nThe specific flaw exists within the PBAP_DecodeVCARD function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root.\n\ud83d\udccf Published: 2025-01-30T23:57:24.401Z\n\ud83d\udccf Modified: 2025-06-30T17:30:52.098Z\n\ud83d\udd17 References:\n1. https://www.zerodayinitiative.com/advisories/ZDI-24-850/", "creation_timestamp": "2025-06-30T18:08:13.000000Z"}, {"uuid": "6d632b74-b1eb-43bd-a6d2-08f4bf0aa444", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23969", "type": "seen", "source": "https://t.me/cvedetector/16857", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-23969 - ChargePoint Home Flex Rce (Buffer Overflow)\", \n  \"Content\": \"CVE ID : CVE-2024-23969 \nPublished : Jan. 31, 2025, 12:15 a.m. | 1\u00a0hour, 6\u00a0minutes ago \nDescription : This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex charging stations. Authentication is not required to exploit this vulnerability.  \n  \nThe specific flaw exists within the wlanchnllst function. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of root. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"31 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-31T02:49:15.000000Z"}, {"uuid": "e2f089a3-dceb-4ee9-9394-d9143bbf3dd6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23968", "type": "seen", "source": "https://t.me/cvedetector/16856", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-23968 - ChargePoint Home Flex Stack Based Buffer Overflow\", \n  \"Content\": \"CVE ID : CVE-2024-23968 \nPublished : Jan. 31, 2025, 12:15 a.m. | 1\u00a0hour, 6\u00a0minutes ago \nDescription : This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex charging stations. Authentication is not required to exploit this vulnerability.  \n  \nThe specific flaw exists within the SrvrToSmSetAutoChnlListMsg function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"31 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-31T02:49:14.000000Z"}, {"uuid": "5e7da551-8bad-43d9-a823-1c09c219446e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23963", "type": "seen", "source": "https://t.me/cvedetector/16855", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-23963 - Alpine Halo9 Bluetooth PBAP Code Execution Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-23963 \nPublished : Jan. 31, 2025, 12:15 a.m. | 1\u00a0hour, 6\u00a0minutes ago \nDescription : This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Alpine Halo9 devices. An attacker must first obtain the ability to pair a malicious Bluetooth device with the target system in order to exploit this vulnerability.  \n  \nThe specific flaw exists within the PBAP_DecodeVCARD function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"31 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-31T02:49:13.000000Z"}, {"uuid": "d089df6e-2440-4b27-9e66-4d4acae9a98b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23962", "type": "seen", "source": "https://t.me/cvedetector/16854", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-23962 - Alpine Halo9 DLT Interface Information Disclosure\", \n  \"Content\": \"CVE ID : CVE-2024-23962 \nPublished : Jan. 31, 2025, 12:15 a.m. | 1\u00a0hour, 6\u00a0minutes ago \nDescription : This vulnerability allows remote attackers to disclose sensitive information on affected installations of Alpine Halo9 devices. Authentication is not required to exploit this vulnerability.  \n  \nThe specific flaw exists within the DLT interface, which listens on TCP port 3490 by default. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the device. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"31 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-31T02:49:13.000000Z"}, {"uuid": "88a292fb-6fc5-44a9-ade4-76063d0e431e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23961", "type": "seen", "source": "https://t.me/cvedetector/6601", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-23961 - Alpine Halo9 Unauthenticated Root Remote Code Execution Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-23961 \nPublished : Sept. 28, 2024, 7:15 a.m. | 36\u00a0minutes ago \nDescription : Alpine Halo9 UPDM_wemCmdUpdFSpeDecomp Command Injection Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Alpine Halo9 devices. Authentication is not required to exploit this vulnerability.  \n  \nThe specific flaw exists within the UPDM_wemCmdUpdFSpeDecomp function. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root.  \n  \nWas ZDI-CAN-23306 \nSeverity: 6.8 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"28 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-28T10:18:18.000000Z"}, {"uuid": "c6ec9457-bfcf-4395-823b-a4b0a56b0638", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23960", "type": "seen", "source": "https://t.me/cvedetector/6600", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-23960 - Alpine Halo9 Cryptographic Signature Verification bypass\", \n  \"Content\": \"CVE ID : CVE-2024-23960 \nPublished : Sept. 28, 2024, 7:15 a.m. | 36\u00a0minutes ago \nDescription : Alpine Halo9 Improper Verification of Cryptographic Signature Vulnerability. This vulnerability allows physically present attackers to bypass signature validation mechanism on affected installations of Alpine Halo9 devices. Authentication is not required to exploit this vulnerability.  \n  \nThe specific flaw exists within the firmware metadata signature validation mechanism. The issue results from the lack of proper verification of a cryptographic signature. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root.  \n  \nWas ZDI-CAN-23102 \nSeverity: 4.6 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"28 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-28T10:18:14.000000Z"}, {"uuid": "dfa057a2-d25b-4db4-9944-efc5d927b4b6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23967", "type": "seen", "source": "https://t.me/cvedetector/6597", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-23967 - Autel MaxiCharger AC Elite Business C50 WebSocket Base64 Decoding Stack-based Buffer Overflow Remote Code Execution Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-23967 \nPublished : Sept. 28, 2024, 7:15 a.m. | 36\u00a0minutes ago \nDescription : Autel MaxiCharger AC Elite Business C50 WebSocket Base64 Decoding Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Autel MaxiCharger AC Elite Business C50 chargers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.  \n  \nThe specific flaw exists within the handling of base64-encoded data within WebSocket messages. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device.  \n  \nWas ZDI-CAN-23230 \nSeverity: 8.0 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"28 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-28T10:18:12.000000Z"}]}