25 matches found
EUVD-2025-202625
As UART download mode is still enabled on the ESP32 chip on which the firmware runs, an adversary can dump the flash from the device and retrieve sensitive information such as details about the current and previous Wi-Fi network from the NVS partition. Additionally, this allows the adversary to...
CVE-2025-64342 ESF-IDF's ESP32 Bluetooth Controller Has an Invalid Access Address Vulnerability
ESF-IDF is the Espressif Internet of Things IOT Development Framework. When the ESP32 is in advertising mode, if it receives a connection request containing an invalid Access Address AA of 0x00000000 or 0xFFFFFFFF, advertising may stop unexpectedly. In this case, the controller may incorrectly...
EUVD-2019-7795
Malware in sbrugna...
EUVD-2021-20835
Malware in sbrugna...
EUVD-2025-7816
Malicious code in bioql PyPI...
EUVD-2023-39813
Malicious code in bioql PyPI...
CVE-2021-34173
An attacker can cause a Denial of Service and kernel panic in v4.2 and earlier versions of Espressif esp32 via a malformed beacon csa frame. The device requires a reboot to recover...
CVE-2025-27840
Espressif ESP32 chips allow 29 hidden HCI commands, such as 0xFC02 Write memory...
CVE-2025-27840
Espressif ESP32 chips allow 29 hidden HCI commands, such as 0xFC02 Write memory...
CVE-2025-27840
Espressif ESP32 chips allow 29 hidden HCI commands, such as 0xFC02 Write memory...
Espressif ESP32 安全漏洞
Espressif ESP32 is a microcontroller from China Loxin Espressif. A security vulnerability exists in the Espressif ESP32 that stems from hidden HCI commands that may result in memory writes...
CVE-2025-27840
Espressif ESP32 chips allow 29 hidden HCI commands, such as 0xFC02 Write memory...
PT-2025-10465
Name of the Vulnerable Software and Affected Versions Espressif ESP32 affected versions not specified Description The Espressif ESP32 chip contains 29 hidden HCI commands, such as 0xFC02 Write memory, which can be used for cyberattacks. These commands can be exploited to impersonate trusted...
CVE-2025-27840
CVE-2025-27840 concerns Espressif ESP32 family chips. The public materials describe 29 hidden HCI/debug commands (notably 0xFC02: Write memory) that are undocumented and could enable memory writes in affected devices. Espressif explicitly states these are internal debug commands not remotely acce...
CVE-2023-35818
An issue was discovered on Espressif ESP32 3.0 ESP32rev300 ROM devices. An EMFI attack on ECO3 provides the attacker with a capability to influence the PC value at the CPU context level, regardless of Secure Boot and Flash Encryption status. By using this capability, the attacker can exploit...
CVE-2023-35818
An issue was discovered on Espressif ESP32 3.0 ESP32rev300 ROM devices. An EMFI attack on ECO3 provides the attacker with a capability to influence the PC value at the CPU context level, regardless of Secure Boot and Flash Encryption status. By using this capability, the attacker can exploit...
CVE-2023-35818
An issue was discovered on Espressif ESP32 3.0 ESP32rev300 ROM devices. An EMFI attack on ECO3 provides the attacker with a capability to influence the PC value at the CPU context level, regardless of Secure Boot and Flash Encryption status. By using this capability, the attacker can exploit...
CVE-2023-35818
An issue was discovered on Espressif ESP32 3.0 ESP32rev300 ROM devices. An EMFI attack on ECO3 provides the attacker with a capability to influence the PC value at the CPU context level, regardless of Secure Boot and Flash Encryption status. By using this capability, the attacker can exploit...
CVE-2023-35818
The CVE-2023-35818 issue affects Espressif ESP32 3.0 (ESP32_rev300 ROM). An EMFI attack on ECO3 allows an attacker to influence the program counter at CPU context level, independent of Secure Boot and Flash Encryption. This enables access to ROM download mode, potentially allowing reading of encr...
Espressif esp32 has an unspecified vulnerability
Espressif ESP32 is a microcontroller from China Lexin Information Technology Espressif. espressif esp32 has a security vulnerability that allows an attacker to cause a denial of service and kernel crash via a misformatted beacon csa frame...