CarlinKit CPC200-CCPA Improper Verification of Cryptographic Signature Code Execution Vulnerability

Vulnerability

A code execution vulnerability has been identified in CarlinKit CPC200-CCPA devices, stemming from improper verification of cryptographic signatures on update packages supplied via USB drives. This flaw allows a physically present attacker to execute arbitrary code with root privileges on the affected devices, without requiring authentication.

Impact

Exploitation of this vulnerability could lead to unauthorized arbitrary code execution on the affected device, with root-level privileges.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread:         0.0
impact:         7.5
exploitability: 3.3
remediation:    0.0
relevance:      0.0
threat:         0.0
urgency:        2.9
incentive:      0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.