Code injection

2023-07-1716:15:00

PRIOn knowledge base

www.prio-n.com

code injection

emfi attack

cpu context level

secure boot

flash encryption

rom download mode

encrypted flash content

6.7 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.1%

JSON

An issue was discovered on Espressif ESP32 3.0 (ESP32_rev300 ROM) devices. An EMFI attack on ECO3 provides the attacker with a capability to influence the PC value at the CPU context level, regardless of Secure Boot and Flash Encryption status. By using this capability, the attacker can exploit another behavior in the chip to gain unauthorized access to the ROM download mode. Access to ROM download mode may be further exploited to read the encrypted flash content in cleartext format or execute stub code.

CPENameOperatorVersion
esp-eye_firmwareeq3.0
esp-eye_firmwareeq3.1
esp32-d0wd-v3_firmwareeq3.0
esp32-d0wd-v3_firmwareeq3.1
esp32-d0wdr2-v3_firmwareeq3.0
esp32-d0wdr2-v3_firmwareeq3.1
esp32-devkitc_firmwareeq3.0
esp32-devkitc_firmwareeq3.1
esp32-devkitm-1_firmwareeq3.0
esp32-devkitm-1_firmwareeq3.1

Name	Operator	Version
esp-eye_firmware	eq	3.0
esp-eye_firmware	eq	3.1
esp32-d0wd-v3_firmware	eq	3.0
esp32-d0wd-v3_firmware	eq	3.1
esp32-d0wdr2-v3_firmware	eq	3.0
esp32-d0wdr2-v3_firmware	eq	3.1
esp32-devkitc_firmware	eq	3.0
esp32-devkitc_firmware	eq	3.1
esp32-devkitm-1_firmware	eq	3.0
esp32-devkitm-1_firmware	eq	3.1

Rows per page:

1-10 of 441

References

espressif.com

www.espressif.com/sites/default/files/advisory_downloads/AR2023-005%20Security%20Advisory%20Concerning%20Bypassing%20Secure%20Boot%20and%20Flash%20Encryption%20Using%20EMFI%20EN.pdf