Hama7230

**Name of the Vulnerable Software and Affected Versions** Kenwood DMX958XR (affected versions not specified) **Description** This issue allows network-adjacent attackers to execute arbitrary code on affected installations. Authentication is not required for exploitation. The flaw resides within the JKRadioService due to insufficient validation of user-supplied data length before copying it into a fixed-length stack-based buffer, potentially leading to remote code execution in the context of root. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Alpine iLX-507 (affected versions not specified) **Description** This issue allows network-adjacent attackers to execute arbitrary code on affected installations of Alpine iLX-507 devices without authentication. The flaw resides within the Tidal music streaming application due to insufficient validation of user-supplied input before executing a system call. An attacker can exploit this to execute code in the context of the device. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Alpine iLX-507 (affected versions not specified) **Description** This issue allows network-adjacent attackers to execute arbitrary code on affected installations. Authentication is not required for exploitation. The flaw resides within the TIDAL music streaming application due to improper certificate validation. An attacker can leverage this, in conjunction with other vulnerabilities, to execute arbitrary code with root privileges. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.