Alpine Halo9 Missing Authentication Information Disclosure Vulnerability

Vulnerability

A vulnerability in Alpine Halo9 devices allows remote attackers to disclose sensitive information. The issue arises from the DLT interface, which by default listens on TCP port 3490. The vulnerability is due to the absence of authentication before granting access to certain functionalities. This flaw can be exploited in conjunction with other vulnerabilities to execute arbitrary code on the device.

Impact

Exploitation of this vulnerability could lead to unauthorized information disclosure and potentially allow for arbitrary code execution on the affected device.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

4.7

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

4.7

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Alpine Halo9 Missing Authentication Information Disclosure Vulnerability

Vulnerability

Impact

Affected Products

Alpine Halo9

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating