175 matches found
CVE-2020-13594
The Bluetooth Low Energy BLE controller implementation in Espressif ESP-IDF 4.2 and earlier for ESP32 devices does not properly restrict the channel map field of the connection request packet on reception, allowing attackers in radio range to cause a denial of service crash via a crafted packet...
Design/Logic Flaw
The Bluetooth Low Energy BLE controller implementation in Espressif ESP-IDF 4.2 and earlier for ESP32 devices does not properly restrict the channel map field of the connection request packet on reception, allowing attackers in radio range to cause a denial of service crash via a crafted packet...
CVE-2020-13595
The Bluetooth Low Energy BLE controller implementation in Espressif ESP-IDF 4.0 through 4.2 for ESP32 devices returns the wrong number of completed BLE packets and triggers a reachable assertion on the host stack when receiving a packet with an MIC failure. An attacker within radio range can...
CVE-2020-13594
CVE-2020-13594 concerns the BLE controller in Espressif ESP-IDF 4.2 and earlier for ESP32. The vulnerability arises because the channel map field of the connection request packet is not properly restricted, allowing radio-range attackers to crash the device via a crafted packet ( denial of servic...
CVE-2020-11015
A vulnerability has been disclosed in thinx-device-api IoT Device Management Server before version 2.5.0. Device MAC address can be spoofed. This means initial registration requests without UDID and spoofed MAC address may pass to create new UDID with same MAC address. Full impact needs to be...
Design/Logic Flaw
A vulnerability has been disclosed in thinx-device-api IoT Device Management Server before version 2.5.0. Device MAC address can be spoofed. This means initial registration requests without UDID and spoofed MAC address may pass to create new UDID with same MAC address. Full impact needs to be...
Your Smart Christmas Lights Are Safer Than They Were Last Year
Thinking about putting up smart Christmas lights but worried about your internet of things IoT security? You can rest a bit easier this year because at least one festive light option is a bit safer than it used to be, new research has found. Manufacturers of the Twinkly smart lights have taken in...
Xmas Light Security Improves… a bit
We've looked at smart Xmas lights before; whilst they were vulnerable, there was no consequence to the hack other than making them flash in a different order! In 2018 we looked at the all-new Twinkly smart festive lights. We found a number of security issues, reported them to the vendor and to a...
CVE-2019-17391
An issue was discovered in the Espressif ESP32 mask ROM code 2016-06-08 0 through 2. Lack of anti-glitch mitigations in the first stage bootloader of the ESP32 chip allows an attacker with physical access to the device to read the contents of read-protected eFuses, such as flash encryption and...
Code injection
An issue was discovered in the Espressif ESP32 mask ROM code 2016-06-08 0 through 2. Lack of anti-glitch mitigations in the first stage bootloader of the ESP32 chip allows an attacker with physical access to the device to read the contents of read-protected eFuses, such as flash encryption and...
CVE-2019-17391
CVE-2019-17391 affects Espressif ESP32 mask ROM code versions 2016-06-08 0 through 2. The root cause is lack of anti-glitch mitigations in the first-stage bootloader, enabling a physical attacker to inject a power-supply glitch shortly after reset to read read-protected eFuses (including flash en...
CVE-2019-17391
An issue was discovered in the Espressif ESP32 mask ROM code 2016-06-08 0 through 2. Lack of anti-glitch mitigations in the first stage bootloader of the ESP32 chip allows an attacker with physical access to the device to read the contents of read-protected eFuses, such as flash encryption and...
CVE-2019-15894
An issue was discovered in Espressif ESP-IDF 2.x, 3.0.x through 3.0.9, 3.1.x through 3.1.6, 3.2.x through 3.2.3, and 3.3.x through 3.3.1. An attacker who uses fault injection to physically disrupt the ESP32 CPU can bypass the Secure Boot digest verification at startup, and boot unverified code fr...
Cesanta Mongoose OS - Use-After-Free Vulnerability
Exploit for hardware platform in category dos / poc Product: Mongoose OS Vendor: Cesanta CVE ID: CVE-2017-7185 CSNC ID: CSNC-2017-003 Subject: Use-after-free / Denial of Service Risk: Medium Effect: Remotely exploitable Authors: Philipp Promeuschel Carel van Rooyen Stephan Sekula Date: 2017-04-03...
Cesanta Mongoose OS - Use-After-Free
Cesanta Mongoose OS - Use-After-Free COMPASS SECURITY ADVISORY https://www.compass-security.com/en/research/advisories/ Product: Mongoose OS Vendor: Cesanta CVE ID: CVE-2017-7185 CSNC ID: CSNC-2017-003 Subject: Use-after-free / Denial of Service Risk: Medium Effect: Remotely exploitable Authors:...