← Back

CVE-2024-23962

nvd nist
Published: Jan 31, 2025Modified: Aug 12, 2025

JSON object

Loading...
5.3
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Exploitability: 3.9 / Impact: 1.4
Source: ics-cert@hq.dhs.gov (Secondary)

Description

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Alpine Halo9 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DLT interface, which listens on TCP port 3490 by default. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the device.

Affected (1)

Alpsalpine
1 product
Ilx F509 Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Ilx F509 Firmware
All versions
Running on/withPlatform Versions
Alpsalpine
Ilx F509
All versions

Related CWEs

CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (1)

Source: ics-cert@hq.dhs.gov
Third Party Advisory

Timeline

No history available yet.