CVE-2025-2764 – CarlinKit CPC200-CCPA Update.cgi Cryptographic Signature Verification Bypass Code Execution Vulnerability

April 23, 2025

CVE ID : CVE-2025-2764

Published : April 23, 2025, 5:16 p.m. | 1 hour, 42 minutes ago

Description : CarlinKit CPC200-CCPA update.cgi Improper Verification of Cryptographic Signature Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of CarlinKit CPC200-CCPA devices. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.

The specific flaw exists within the handling of update packages provided to update.cgi. The issue results from the lack of proper verification of a cryptographic signature. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-24355.

Severity: 8.0 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-2763 – CarlinKit CPC200-CCPA Cryptographic Signature Verification Bypass Code Execution Vulnerability

Next Article CVE-2025-28025 – TOTOLINK Router Buffer Overflow Vulnerability

Highlights

CVE-2025-5734 – TOTOLINK X15 HTTP POST Request Handler Buffer Overflow

June 6, 2025

CVE ID : CVE-2025-5734

Published : June 6, 2025, 8:15 a.m. | 2 hours, 29 minutes ago

Description : A vulnerability has been found in TOTOLINK X15 1.0.0-B20230714.1105 and classified as critical. This vulnerability affects unknown code of the file /boafrm/formWlanRedirect of the component HTTP POST Request Handler. The manipulation of the argument redirect-url leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

The Value-Driven AI Roadmap

This week in AI updates: Mistral’s new Le Chat features, ChatGPT updates, and more (September 5, 2025)

Designing For TV: Principles, Patterns And Practical Guidance (Part 2)

Neo4j introduces new graph architecture that allows operational and analytics workloads to be run together

‘Job Hugging’ Trend Emerges as Workers Confront AI Uncertainty

Distribution Release: MocaccinoOS 25.09

Composition in CSS

DataCrunch raises €55M to boost EU AI sovereignty with green cloud infrastructure

Finally, safe array methods in JavaScript

Finally, safe array methods in JavaScript

Perficient Interviewed for Forrester Report on AI’s Transformative Role in DXPs

Perficient’s “What If? So What?” Podcast Wins Gold Stevie® Award for Technology Podcast

Distribution Release: MocaccinoOS 25.09

Distribution Release: MocaccinoOS 25.09

Speed Isn’t Everything When Buying SSDs – Here’s What Really Matters!

14 Themes for Beautifying Your Ghostty Terminal

CVE-2025-2764 – CarlinKit CPC200-CCPA Update.cgi Cryptographic Signature Verification Bypass Code Execution Vulnerability

Qantas Airways Slashes CEO Bonus After Cyberattack Exposes 5.7 Million Customers

UAE Cyber Security Council Flags 70% Smart Home Devices as Vulnerable

CVE-2025-5642 – Radare2 radiff2 Memory Corruption Vulnerability

Windows 11 adds super wideband stereo for Bluetooth LE Audio

Test Driven Development in Agile Framework

CVE-2025-47490 – Rustaurius Ultimate WP Mail SQL Injection Vulnerability

CVE-2025-5734 – TOTOLINK X15 HTTP POST Request Handler Buffer Overflow

‘UNC3886 is Attacking Our Critical Infrastructure Right Now’: Singapore’s National Security Lawmaker

Perplexity joins high-powered, high-priced AI race – here’s everything ‘Max’ includes

The Outer Worlds 2: Xbox Game Pass, gameplay, and everything you need to know

CVE-2025-2764 – CarlinKit CPC200-CCPA Update.cgi Cryptographic Signature Verification Bypass Code Execution Vulnerability

Related Posts