Design/Logic Flaw

2022-05-0704:15:00

PRIOn knowledge base

www.prio-n.com

6.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

39.4%

JSON

In the KeepKey firmware before 7.3.2,Flaws in the supervisor interface can be exploited to bypass important security restrictions on firmware operations. Using these flaws, malicious firmware code can elevate privileges, permanently make the device inoperable or overwrite the trusted bootloader code to compromise the hardware wallet across reboots or storage wipes.

CPENameOperatorVersion
keepkey_firmwarelt7.3.2

CPE	Name	Operator	Version
	keepkey_firmware	lt	7.3.2

References

blog.inhq.net/posts/keepkey-CVE-2022-30330/

github.com/keepkey/keepkey-firmware/commit/447c1f038a31378ab9589965c098467d9ea6cccc

github.com/keepkey/keepkey-firmware/releases/tag/v7.3.2