PT-2026-5812 · Alps Electric · Alps Pointing-Device Controller

Mario Rodriguez

Publicado

2026-02-04

Atualizado

2026-02-05

CVE-2019-25285

CVSS v3.1

7.8

Alta

Vetor

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Alps Pointing-device Controller version 8.1202.1711.04

Description The Alps Pointing-device Controller version 8.1202.1711.04 contains an unquoted service path vulnerability in the ApHidMonitorService. This allows local attackers to execute code with elevated privileges. An attacker can place a malicious executable in the service path and gain system-level access when the service restarts or the system reboots.

Recommendations Apply appropriate quoting to the service path to prevent unauthorized execution of files.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-428

Identificadores relacionados

CVE-2019-25285

Produtos afetados

Alps Pointing-Device Controller

PT-2026-5812 · Alps Electric · Alps Pointing-Device Controller

CVE-2019-25285

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5