Lucene search
K

21 matches found

Vulnrichment
Vulnrichment
added 2026/01/26 10:6 a.m.3 views

CVE-2025-59109 UART Leaking Sensitive Data in dormakaba registration unit 9002

The dormakaba registration units 9002 PIN Pad Units have an exposed UART header on the backside. The PIN pad is sending every button press to the UART interface. An attacker can use the interface to exfiltrate PINs. As the devices are explicitly built as Plug-and-Play to be easily replaced, an...

5.1CVSS6AI score0.00456EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/01/26 10:6 a.m.2 views

CVE-2025-59109

The dormakaba registration units 9002 PIN Pad Units have an exposed UART header on the backside. The PIN pad is sending every button press to the UART interface. An attacker can use the interface to exfiltrate PINs. As the devices are explicitly built as Plug-and-Play to be easily replaced, an...

5.1CVSS5.9AI score0.00456EPSS
Exploits0References4
EUVD
EUVD
added 2026/01/26 10:6 a.m.5 views

EUVD-2025-206377

The dormakaba registration units 9002 PIN Pad Units have an exposed UART header on the backside. The PIN pad is sending every button press to the UART interface. An attacker can use the interface to exfiltrate PINs. As the devices are explicitly built as Plug-and-Play to be easily replaced, an...

5.1CVSS5.9AI score0.00456EPSS
Exploits0References3
CVE
CVE
added 2026/01/26 10:6 a.m.11 views

CVE-2025-59109

The CVE-2025-59109 entry describes the dormakaba reg-istration units 9002 PIN Pad Units with an exposed UART header. The PIN pad reportedly transmits every button press over UART, enabling an attacker with physical access to read PIN data; due to Plug‑and‑Play design, an attacker could remove a d...

5.1CVSS5.9AI score0.00456EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/01/26 12:0 a.m.5 views

PT-2026-4759

Name of the Vulnerable Software and Affected Versions dormakaba registration units 9002 PIN Pad Units affected versions not specified Description The dormakaba registration units 9002 PIN Pad Units have an exposed UART header. The PIN pad transmits every button press through this UART interface. ...

5.1CVSS7.4AI score0.00456EPSS
Exploits0References9
Kitploit
Kitploit
added 2021/05/07 12:30 p.m.50 views

CANalyse - A Vehicle Network Analysis And Attack Tool

CANalyse is a tool built to analyze the log files to find out unique datasets automatically and able to connect to simple user interfaces such as Telegram. Basically, while using this tool the attacker can provide a bot-ID and use the tool over the internet through telegram-bot. CANalyse is made ...

7.8AI score
Exploits0References1
NVD
NVD
added 2019/11/02 5:15 p.m.12 views

CVE-2019-14358

On Archos Safe-T devices, a side channel for the row-based OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowing a partial recovery of display contents. For example, a hardware implant in the USB cable might be able to...

4.6CVSS4.4AI score0.00389EPSS
Exploits1References1
CVE
CVE
added 2019/11/02 4:27 p.m.153 views

CVE-2019-14360

On Hyundai Pay Kasse HK-1000 devices, there is a side-channel vulnerability in the row-based OLED display: power consumption per display cycle leaks information about the number of illuminated pixels. This can enable partial recovery of display contents, and could let an attacker with control ove...

4.6CVSS4.4AI score0.00389EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2019/11/02 4:25 p.m.17 views

CVE-2019-18673

On SHIFT BitBox02 devices, a side channel for the row-based OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowing a partial recovery of display contents. For example, a hardware implant in the USB cable might be able to...

4.5AI score0.00389EPSS
Exploits1References1
Prion
Prion
added 2019/10/31 6:15 p.m.12 views

Buffer overflow

DISPUTED On Coldcard MK1 and MK2 devices, a side channel for the row-based OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowing a partial recovery of display contents. For example, a hardware implant in the USB cable...

5CVSS5AI score0.01198EPSS
Exploits1References2Affected Software2
Wired Threat Level
Wired Threat Level
added 2019/10/10 3:7 p.m.44 views

Planting Tiny Spy Chips in Hardware Can Cost as Little as $200

A new proof-of-concept hardware implant shows how easy it may be to hide malicious chips inside IT equipment...

1.4AI score
Exploits0
NVD
NVD
added 2019/08/12 11:15 p.m.20 views

CVE-2019-14359

On BC Vault devices, a side channel for the row-based SSD1309 OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowing a partial recovery of display contents. For example, a hardware implant in the USB cable might be able ...

2.4CVSS3.3AI score0.00423EPSS
Exploits1References1
NVD
NVD
added 2019/08/10 4:15 p.m.18 views

CVE-2019-14357

On Mooltipass Mini devices, a side channel for the row-based OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowing a partial recovery of display contents. For example, a hardware implant in the USB cable might be able t...

2.4CVSS3.4AI score0.00347EPSS
Exploits0References1
Prion
Prion
added 2019/08/10 4:15 p.m.18 views

Design/Logic Flaw

DISPUTED On Mooltipass Mini devices, a side channel for the row-based OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowing a partial recovery of display contents. For example, a hardware implant in the USB cable might ...

1.9CVSS3.7AI score0.00347EPSS
Exploits0References1
Prion
Prion
added 2019/08/10 4:15 p.m.17 views

Design/Logic Flaw

DISPUTED On ShapeShift KeepKey devices, a side channel for the row-based OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowing a partial recovery of display contents. For example, a hardware implant in the USB cable mig...

1.9CVSS3.7AI score0.00347EPSS
Exploits0References1
CVE
CVE
added 2019/08/10 3:54 p.m.121 views

CVE-2019-14357

CVE-2019-14357 affects Mooltipass Mini via a side-channel in the row-based OLED display. The power consumption per display cycle leaks information proportional to the number of illuminated pixels, potentially enabling partial recovery of on-screen secrets (e.g., PIN) when the attacker has control...

2.4CVSS3.7AI score0.00347EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2019/08/10 3:41 p.m.114 views

CVE-2019-14355

ShapeShift KeepKey devices are affected by a side-channel vulnerability affecting the row-based OLED display. The power consumption of each display cycle depends on the number of illuminated pixels, enabling partial recovery of the displayed secret data when an attacker can measure device power v...

2.4CVSS3.7AI score0.00347EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2019/08/10 3:7 p.m.120 views

CVE-2019-14354

Ledger Nano S/Nano X suffer a side‑channel risk from the row‑based OLED display: power consumption per display cycle correlates with illuminated pixels, enabling partial recovery of display contents (e.g., PIN or BIP39 mnemonic) if an attacker can monitor USB power while secret data is shown. Thi...

2.4CVSS3.7AI score0.0035EPSS
Exploits0References1Affected Software1
The Hacker News
The Hacker News
added 2018/10/04 12:27 p.m.2 views

Chinese Spying Chips Found Hidden On Servers Used By US Companies

A media report today revealed details of a significant supply chain attack which appears to be one of the largest corporate espionage and hardware hacking programs from a nation-state. According to a lengthy report published today by Bloomberg, a tiny surveillance chip, not much bigger than a gra...

6.8AI score
Exploits0
pentestit
pentestit
added 2017/10/03 8:37 p.m.42 views

UPDATE: WarBerryPi Version 5.1b!

PenTestIT RSS Feed My last post pertaining to this Red Teaming Hardware Implant was about an updated version. This post also covers the changes made to two versions since my last post about the WarBerryPi v5. We now have an updated release for the Raspberry Pi based hardware implant allowing you ...

6.6AI score
Exploits0
Rows per page
Query Builder