177 matches found
arduino-esp32 注入漏洞
arduino-esp32 is an Espressif open source Arduino kernel for ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2. An injection vulnerability exists in arduino-esp32 versions prior to 3.3.0-RC1 and 3.2.1, which stems from an HTTP response splitting vulnerability in the sendHeader function...
PT-2025-26980 · Arduino · Arduino-Esp32
Name of the Vulnerable Software and Affected Versions: arduino-esp32 versions prior to 3.3.0-RC1 and 3.2.1 Description: The issue concerns a HTTP Response Splitting vulnerability. The sendHeader function takes arbitrary input for the HTTP header name and value, concatenates them into an HTTP head...
Autel MaxiCharger AC Wallbox Commercial 安全漏洞
Autel MaxiCharger AC Wallbox Commercial is a smart AI electric car charger from Autel USA. Autel MaxiCharger AC Wallbox Commercial suffers from a buffer overflow vulnerability that stems from the bleprocessesp32msg function failing to properly validate the length size of input data, which can be...
CVE-2024-45798
arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. The arduino-esp32 CI is vulnerable to multiple Poisoned Pipeline Execution PPE vulnerabilities. Code injection in testsresults.yml workflow GHSL-2024-169 and environment Variable...
CVE-2021-34173
An attacker can cause a Denial of Service and kernel panic in v4.2 and earlier versions of Espressif esp32 via a malformed beacon csa frame. The device requires a reboot to recover...
CVE-2020-13595
The Bluetooth Low Energy BLE controller implementation in Espressif ESP-IDF 4.0 through 4.2 for ESP32 devices returns the wrong number of completed BLE packets and triggers a reachable assertion on the host stack when receiving a packet with an MIC failure. An attacker within radio range can...
CVE-2019-17391
An issue was discovered in the Espressif ESP32 mask ROM code 2016-06-08 0 through 2. Lack of anti-glitch mitigations in the first stage bootloader of the ESP32 chip allows an attacker with physical access to the device to read the contents of read-protected eFuses, such as flash encryption and...
CVE-2025-3382 joey-zhou xiaozhi-esp32-server-java update sql injection
A vulnerability has been found in joey-zhou xiaozhi-esp32-server-java up to a14fe8115842ee42ab5c7a51706b8a85db5200b7 and classified as critical. This vulnerability affects the function update of the file /api/user/update. The manipulation of the argument state leads to sql injection. The attack c...
CVE-2025-3382
The CVE-2025-3382 entry concerns joey-zhou xiaozhi-esp32-server-java. Affects the update function of the /api/user/update endpoint, where manipulation of the state argument causes SQL injection. The vulnerability is exploitable remotely and is supported by public disclosures. No version details f...
Xiaozhi ESP32 Server Java 注入漏洞
Xiaozhi ESP32 Server Java is a Java Enterprise Management Platform by joey Personal Developer. Xiaozhi ESP32 Server Java suffers from an injection vulnerability that stems from an incorrect manipulation of the parameter state that can lead to SQL injection...
CVE-2025-27840
Espressif ESP32 chips allow 29 hidden HCI commands, such as 0xFC02 Write memory...
CVE-2025-27840
Espressif ESP32 chips allow 29 hidden HCI commands, such as 0xFC02 Write memory...
CVE-2025-27840
Espressif ESP32 chips allow 29 hidden HCI commands, such as 0xFC02 Write memory...
PT-2025-10465
Name of the Vulnerable Software and Affected Versions Espressif ESP32 affected versions not specified Description The Espressif ESP32 chip contains 29 hidden HCI commands, such as 0xFC02 Write memory, which can be used for cyberattacks. These commands can be exploited to impersonate trusted...
Espressif ESP32 安全漏洞
Espressif ESP32 is a microcontroller from China Loxin Espressif. A security vulnerability exists in the Espressif ESP32 that stems from hidden HCI commands that may result in memory writes...
CVE-2025-27840
CVE-2025-27840 concerns Espressif ESP32 family chips. The public materials describe 29 hidden HCI/debug commands (notably 0xFC02: Write memory) that are undocumented and could enable memory writes in affected devices. Espressif explicitly states these are internal debug commands not remotely acce...
CVE-2025-27840
Espressif ESP32 chips allow 29 hidden HCI commands, such as 0xFC02 Write memory...
CVE-2020-11015
A vulnerability has been disclosed in thinx-device-api IoT Device Management Server before version 2.5.0. Device MAC address can be spoofed. This means initial registration requests without UDID and spoofed MAC address may pass to create new UDID with same MAC address. Full impact needs to be...
CVE-2024-45798
arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. The arduino-esp32 CI is vulnerable to multiple Poisoned Pipeline Execution PPE vulnerabilities. Code injection in testsresults.yml workflow GHSL-2024-169 and environment Variable...
CVE-2024-45798 Multiple Poisoned Pipeline Execution (PPE) vulnerabilities
arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. The arduino-esp32 CI is vulnerable to multiple Poisoned Pipeline Execution PPE vulnerabilities. Code injection in testsresults.yml workflow GHSL-2024-169 and environment Variable...