175 matches found
CVE-2023-35818
The CVE-2023-35818 issue affects Espressif ESP32 3.0 (ESP32_rev300 ROM). An EMFI attack on ECO3 allows an attacker to influence the program counter at CPU context level, independent of Secure Boot and Flash Encryption. This enables access to ROM download mode, potentially allowing reading of encr...
CVE-2020-11015 Device Authentication Vulnerability in thinx-device-api IoT Device Management Server
A vulnerability has been disclosed in thinx-device-api IoT Device Management Server before version 2.5.0. Device MAC address can be spoofed. This means initial registration requests without UDID and spoofed MAC address may pass to create new UDID with same MAC address. Full impact needs to be...
CVE-2020-11015
CVE-2020-11015 affects the thinx-device-api IoT Device Management Server prior to firmware 2.5.0. The root issue allows a spoofed MAC address to bypass UDID checks during initial registration, potentially enabling creation of a new UDID with the same MAC address (noted to apply to ESP8266/ESP32 d...
The vulnerability of the first-stage bootloader in ESP32 microcontrollers’ microprogramming software allows a hacker to obtain secure boot keys.
The vulnerability of the first-stage Secure Boot loader of ESP32 microcontrollers’ microprogramming software is related to insufficient handling of exceptional states. Exploiting this vulnerability can allow attackers to obtain secure boot keys...
BrakTooth Bluetooth Bugs Bite: Exploit Code, PoC Released
The embargo period is over for a proof-of-concept PoC tool to test for the recently revealed BrakTooth flaws in Bluetooth devices, and the researchers who discovered them have released both the test kit and full exploit code for the bugs. BrakTooth is a collection of flaws affecting commercial...
The vulnerability of the Bluetooth Classic implementation of the microprogramming software for the ESP-WROVER-KIT development board, which is used for the ESP32 Wi-Fi/Bluetooth module series, allows a hacker to execute arbitrary code.
The vulnerability of the Bluetooth Classic implementation of the microprogramming software for the ESP-WROVER-KIT development board for the ESP32 Wi-Fi/Bluetooth series modules is related to insufficient verification of input data. Exploiting this vulnerability could allow a remote attacker to...
Default credentials
ESPHome is a system to control the ESP8266/ESP32. Anyone with webserver enabled and HTTP basic auth configured on version 2021.9.1 or older is vulnerable to an issue in which webserver allows over-the-air OTA updates without checking user defined basic auth username & password. This issue is...
PYSEC-2021-351
ESPHome is a system to control the ESP8266/ESP32. Anyone with webserver enabled and HTTP basic auth configured on version 2021.9.1 or older is vulnerable to an issue in which webserver allows over-the-air OTA updates without checking user defined basic auth username & password. This issue is...
CVE-2021-28135
The Bluetooth Classic implementation in Espressif ESP-IDF 4.4 and earlier does not properly handle the reception of continuous unsolicited LMP responses, allowing attackers in radio range to trigger a denial of service crash in ESP32 by flooding the target device with LMP Feature Response data...
Memory corruption
The Bluetooth Classic implementation in Espressif ESP-IDF 4.4 and earlier does not properly handle the reception of multiple LMP IO Capability Request packets during the pairing process, allowing attackers in radio range to trigger memory corruption and consequently a crash in ESP32 via a replaye...
CVE-2021-28136
The Bluetooth Classic implementation in Espressif ESP-IDF 4.4 and earlier does not properly handle the reception of multiple LMP IO Capability Request packets during the pairing process, allowing attackers in radio range to trigger memory corruption and consequently a crash in ESP32 via a replaye...
BrakTooth Bluetooth vulnerabilities, crash all the devices!
Security researchers have revealed details about a set of 16 vulnerabilities that impact the Bluetooth software stack that ships with System-on-Chip SoC boards from several popular vendors. The same group of researchers disclosed the SweynTooth vulnerabilities in February 2020. They decided to du...
Espressif esp32 has an unspecified vulnerability
Espressif ESP32 is a microcontroller from China Lexin Information Technology Espressif. espressif esp32 has a security vulnerability that allows an attacker to cause a denial of service and kernel crash via a misformatted beacon csa frame...
CVE-2021-34173
An attacker can cause a Denial of Service and kernel panic in v4.2 and earlier versions of Espressif esp32 via a malformed beacon csa frame. The device requires a reboot to recover...
Design/Logic Flaw
An attacker can cause a Denial of Service and kernel panic in v4.2 and earlier versions of Espressif esp32 via a malformed beacon csa frame. The device requires a reboot to recover...
CVE-2021-34173
The CVE-2021-34173 entry affects Espressif ESP32 (v4.2 and earlier). The root cause is a malformed beacon CSA frame that can trigger a denial of service and kernel panic, requiring a reboot to recover. Public descriptions consistently state DoS/kernel panic without detailing patches or exploitati...
PT-2020-14144 · Espressif · Esp32
Name of the Vulnerable Software and Affected Versions: Espressif ESP32 affected versions not specified Description: The issue concerns bypassing flash encryption by leveraging a design weakness in combination with EMFI. This allows for potential unauthorized access to encrypted data. There is no...
CVE-2020-13594
The Bluetooth Low Energy BLE controller implementation in Espressif ESP-IDF 4.2 and earlier for ESP32 devices does not properly restrict the channel map field of the connection request packet on reception, allowing attackers in radio range to cause a denial of service crash via a crafted packet...
CVE-2020-13595
The Bluetooth Low Energy BLE controller implementation in Espressif ESP-IDF 4.0 through 4.2 for ESP32 devices returns the wrong number of completed BLE packets and triggers a reachable assertion on the host stack when receiving a packet with an MIC failure. An attacker within radio range can...
CVE-2020-13594
The Bluetooth Low Energy BLE controller implementation in Espressif ESP-IDF 4.2 and earlier for ESP32 devices does not properly restrict the channel map field of the connection request packet on reception, allowing attackers in radio range to cause a denial of service crash via a crafted packet...