29 matches found
EUVD-2019-6805
Malware in sbrugna...
EUVD-2018-10278
Malware in sbrugna...
EUVD-2024-25308
Malicious code in bioql PyPI...
EUVD-2023-39813
Malicious code in bioql PyPI...
CVE-2024-28183
ESP-IDF is the development framework for Espressif SoCs supported on Windows, Linux and macOS. A Time-of-Check to Time-of-Use TOCTOU vulnerability was discovered in the implementation of the ESP-IDF bootloader which could allow an attacker with physical access to flash of the device to bypass...
CVE-2019-15894
An issue was discovered in Espressif ESP-IDF 2.x, 3.0.x through 3.0.9, 3.1.x through 3.1.6, 3.2.x through 3.2.3, and 3.3.x through 3.3.1. An attacker who uses fault injection to physically disrupt the ESP32 CPU can bypass the Secure Boot digest verification at startup, and boot unverified code fr...
Minut M2 安全漏洞
Minut M2 is an outdoor sensor from Minut. A security vulnerability exists in Minut M2 version 15142, which originates from internal flash encryption key extraction and could lead to a physical neighbor attacker injecting modifications to the firmware...
CVE-2024-28183
ESP-IDF is the development framework for Espressif SoCs supported on Windows, Linux and macOS. A Time-of-Check to Time-of-Use TOCTOU vulnerability was discovered in the implementation of the ESP-IDF bootloader which could allow an attacker with physical access to flash of the device to bypass...
CVE-2024-28183 Anti Rollback bypass with physical access and TOCTOU attack
ESP-IDF is the development framework for Espressif SoCs supported on Windows, Linux and macOS. A Time-of-Check to Time-of-Use TOCTOU vulnerability was discovered in the implementation of the ESP-IDF bootloader which could allow an attacker with physical access to flash of the device to bypass...
CVE-2024-28183
CVE-2024-28183 describes a TOCTOU vulnerability in the ESP-IDF bootloader of Espressif SoCs. An attacker with physical access to device flash can bypass anti-rollback protection by altering flash contents after anti-rollback checks but before loading the application, enabling boot of partitions w...
CVE-2024-28183 Anti Rollback bypass with physical access and TOCTOU attack
ESP-IDF is the development framework for Espressif SoCs supported on Windows, Linux and macOS. A Time-of-Check to Time-of-Use TOCTOU vulnerability was discovered in the implementation of the ESP-IDF bootloader which could allow an attacker with physical access to flash of the device to bypass...
CVE-2024-28183 Anti Rollback bypass with physical access and TOCTOU attack
ESP-IDF is the development framework for Espressif SoCs supported on Windows, Linux and macOS. A Time-of-Check to Time-of-Use TOCTOU vulnerability was discovered in the implementation of the ESP-IDF bootloader which could allow an attacker with physical access to flash of the device to bypass...
CVE-2023-35818
An issue was discovered on Espressif ESP32 3.0 ESP32rev300 ROM devices. An EMFI attack on ECO3 provides the attacker with a capability to influence the PC value at the CPU context level, regardless of Secure Boot and Flash Encryption status. By using this capability, the attacker can exploit...
CVE-2023-35818
An issue was discovered on Espressif ESP32 3.0 ESP32rev300 ROM devices. An EMFI attack on ECO3 provides the attacker with a capability to influence the PC value at the CPU context level, regardless of Secure Boot and Flash Encryption status. By using this capability, the attacker can exploit...
Code injection
An issue was discovered on Espressif ESP32 3.0 ESP32rev300 ROM devices. An EMFI attack on ECO3 provides the attacker with a capability to influence the PC value at the CPU context level, regardless of Secure Boot and Flash Encryption status. By using this capability, the attacker can exploit...
Espressif ESP32 安全漏洞
The Espressif ESP32 is a microcontroller from China Loxin Information Technology Espressif. A security vulnerability exists in the Espressif ESP32 3.0 ESP32rev300 ROM, which arises from an EMFI attack on the ECO3 that is capable of affecting CPU context-level PC values, regardless of secure boot...
CVE-2023-35818
An issue was discovered on Espressif ESP32 3.0 ESP32rev300 ROM devices. An EMFI attack on ECO3 provides the attacker with a capability to influence the PC value at the CPU context level, regardless of Secure Boot and Flash Encryption status. By using this capability, the attacker can exploit...
PT-2020-13626 · Espressif · Esp32
Name of the Vulnerable Software and Affected Versions: ESP32 affected versions not specified Description: The issue concerns bypassing Secure Boot and Flash Encryption on ESP32 chips. It allows extracting decrypted flash data from a fully protected ESP32 chip using chip-level weaknesses, without...
PT-2020-14144 · Espressif · Esp32
Name of the Vulnerable Software and Affected Versions: Espressif ESP32 affected versions not specified Description: The issue concerns bypassing flash encryption by leveraging a design weakness in combination with EMFI. This allows for potential unauthorized access to encrypted data. There is no...
CVE-2019-17391
An issue was discovered in the Espressif ESP32 mask ROM code 2016-06-08 0 through 2. Lack of anti-glitch mitigations in the first stage bootloader of the ESP32 chip allows an attacker with physical access to the device to read the contents of read-protected eFuses, such as flash encryption and...