PT-2026-5812 · Alps Electric · Alps Pointing-Device Controller
Mario Rodriguez
·
Published
2026-02-04
·
Updated
2026-02-05
·
CVE-2019-25285
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Alps Pointing-device Controller version 8.1202.1711.04
Description
The Alps Pointing-device Controller version 8.1202.1711.04 contains an unquoted service path vulnerability in the
ApHidMonitorService. This allows local attackers to execute code with elevated privileges. An attacker can place a malicious executable in the service path and gain system-level access when the service restarts or the system reboots.Recommendations
Apply appropriate quoting to the service path to prevent unauthorized execution of files.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Alps Pointing-Device Controller