103 matches found

CNVD
added 2021/05/31 12:0 a.m. · 4 views

Cesanta MJS stack overflow vulnerability (CNVD-2021-38646)

Cesanta MJS is an embedded JavaScript engine for C/C++, designed for microcontrollers with limited resources. A stack overflow vulnerability exists in parsestatement in Cesanta MJS version 1.20.1. An attacker can exploit this vulnerability via specially crafted files to cause a denial of service...

CVSS 5.5 · AI score 7 · EPSS 0.00265
Exploits: 1 · References: 1

CNVD
added 2021/05/31 12:0 a.m. · 5 views

Cesanta MJS stack overflow vulnerability (CNVD-2021-38652)

Cesanta MJS is an embedded JavaScript engine for C/C++, designed for microcontrollers with limited resources. A stack overflow vulnerability exists in parsecomparison in Cesanta MJS version 1.20.1. An attacker can exploit this vulnerability via specially crafted files to cause a denial of service...

CVSS 5.5 · AI score 7 · EPSS 0.00265
Exploits: 1 · References: 1

CNVD
added 2021/05/31 12:0 a.m. · 7 views

Cesanta MJS stack overflow vulnerability (CNVD-2021-38651)

Cesanta MJS is an embedded JavaScript engine for C/C++, designed for microcontrollers with limited resources. A stack overflow vulnerability exists in parseshifts in Cesanta MJS version 1.20.1. An attacker can exploit this vulnerability via specially crafted files to cause a denial of service...

CVSS 5.5 · AI score 7 · EPSS 0.00265
Exploits: 1 · References: 1

NVD
added 2021/05/06 1:15 p.m. · 11 views

CVE-2021-31532

NXP LPC55S6x microcontrollers 0A and 1B, i.MX RT500 silicon rev B1 and B2, i.MX RT600 silicon rev A0, B0, LPC55S6x, LPC55S2x, LPC552x silicon rev 0A, 1B, LPC55S1x, LPC551x silicon rev 0A and LPC55S0x, LPC550x silicon rev 0A include an undocumented ROM patch peripheral that allows unsigned,...

CVSS 6.8 · EPSS 0.00145
Exploits: 1 · References: 2

Prion
added 2021/05/06 1:15 p.m. · 13 views

Code injection

NXP LPC55S6x microcontrollers 0A and 1B, i.MX RT500 silicon rev B1 and B2, i.MX RT600 silicon rev A0, B0, LPC55S6x, LPC55S2x, LPC552x silicon rev 0A, 1B, LPC55S1x, LPC551x silicon rev 0A and LPC55S0x, LPC550x silicon rev 0A include an undocumented ROM patch peripheral that allows unsigned,...

CVSS 4.6 · AI score 6.7 · EPSS 0.00145
Exploits: 1 · References: 2

Cvelist
added 2021/05/06 10:49 a.m. · 13 views

CVE-2021-31532

NXP LPC55S6x microcontrollers 0A and 1B, i.MX RT500 silicon rev B1 and B2, i.MX RT600 silicon rev A0, B0, LPC55S6x, LPC55S2x, LPC552x silicon rev 0A, 1B, LPC55S1x, LPC551x silicon rev 0A and LPC55S0x, LPC550x silicon rev 0A include an undocumented ROM patch peripheral that allows unsigned,...

AI score 6.9 · EPSS 0.00145
Exploits: 1 · References: 2

CVE
added 2021/05/06 10:49 a.m. · 42 views

CVE-2021-31532

The CVE-2021-31532 case concerns NXP LPC55S6x microcontrollers (0A/1B), i.MX RT500 (B1/B2), i.MX RT600 (A0/B0), LPC55S6x/LPC55S2x/LPC552x (0A/1B), LPC55S1x/LPC551x (0A) and LPC55S0x/LPC550x (0A). A previously undocumented ROM patch peripheral is present that allows unsigned, non‑persistent modifi...

CVSS 6.8 · AI score 6.6 · EPSS 0.00145
Exploits: 1 · References: 2 · Affected Software: 1

Positive Technologies
added 2021/04/29 12:0 a.m. · 2 views

PT-2021-4213 · Texas Instruments · Ti-Rtos

Name of the Vulnerable Software and Affected Versions: TI-RTOS (affected versions not specified). Description: The issue is related to an integer overflow vulnerability in the HeapTrack alloc function. This vulnerability can be triggered when extremely large values are passed, causing the function t...

CVSS 7.8 · AI score 7.6 · EPSS 0.00042
Exploits: 0 · References: 7

CNNVD
added 2021/04/29 12:0 a.m. · 3 views

Texas Instruments TI-RTOS-MCU Input Validation Error Vulnerability

Texas Instruments TI-RTOS-MCU is a real-time operating system (RTOS) for microcontrollers (MCUs) from Texas Instruments, Inc. An input validation error vulnerability exists in Texas Instruments TI-RTOS that originates from returning a valid pointer to a small buffer on a ver...

CVSS 7.8 · AI score 6.3 · EPSS 0.00086
Exploits: 0 · References: 5

CNVD
added 2021/04/23 12:0 a.m. · 4 views

Amazon FreeRTOS Integer Overflow Vulnerability

Amazon FreeRTOS is an open source operating system for microcontrollers from Amazon USA. An integer overflow vulnerability exists in streambuffer.c in Amazon FreeRTOS versions prior to 10.4.3. No details of the vulnerability are provided at this time...

CVSS 9.8 · AI score 7 · EPSS 0.00213
Exploits: 0 · References: 1

CVE
added 2021/01/07 3:7 p.m. · 138 views

CVE-2021-3011

The CVE-2021-3011 family describes an electromagnetic-wave side-channel vulnerability in NXP SmartMX/P5x security microcontrollers and A7x secure authentication microcontrollers, affecting CryptoLib up to v2.9. The issue enables extraction of the ECDSA private key with extensive physical access, ...

CVSS 4.2 · AI score 4.5 · EPSS 0.00056
Exploits: 1 · References: 2 · Affected Software: 45

BDU FSTEC
added 2020/06/05 12:0 a.m. · 1 views

The vulnerability of Thunderbolt device microcontrollers, related to the lack of protection at the “Work Camp” level, allows an intruder to gain direct access to the memory of computing devices to which Thunderbolt-enabled devices are connected.

The vulnerability of Thunderbolt device microcontrollers is related to the lack of protection at the “Work Camp” level. Exploiting this vulnerability can allow an attacker to gain direct access to the memory of computing devices, to which Thunderbolt devices are connected...

CVSS 7.6 · AI score 5.5
Exploits: 0 · References: 3 · Affected Software: 1

BDU FSTEC
added 2020/06/05 12:0 a.m. · 2 views

The vulnerability of Thunderbolt devices’ microcontrollers stems from the ability to use configuration parameters of an unauthenticated controller. This allows a malicious actor to gain direct access to the memory of computing devices connected to Thunderbolt interfaces.

The vulnerability of Thunderbolt device microcontrollers lies in the ability to use configuration parameters for an unauthenticated controller. Exploiting this vulnerability can allow a hacker to gain direct access to the memory of the computing device, which is connected to Thunderbolt devices...

CVSS 7.6 · AI score 5.5
Exploits: 0 · References: 3 · Affected Software: 1

BDU FSTEC
added 2020/06/05 12:0 a.m. · 1 views

The vulnerability of Thunderbolt devices’ microcontrollers stems from the use of inadequate firmware verification schemes. This allows attackers to gain direct access to the memory of computing devices, which are connected to Thunderbolt interfaces.

The vulnerability of Thunderbolt device microcontrollers is related to the use of inadequate firmware verification schemes. Exploiting this vulnerability can allow an attacker to gain direct access to the memory of the computing device, to which Thunderbolt devices are connected...

CVSS 7.6 · AI score 5.5
Exploits: 0 · References: 3 · Affected Software: 1

Pen Test Partners Blog
added 2019/12/06 8:59 a.m. · 179 views

Hacking Hardware Password Managers: The RecZone

TL;DR: Hardware security can be difficult to fathom, so I set out to research three password vaults as a newbie, sharing my findings. I picked three popular hardware vaults, each with different components, requiring different skills and equipment. Here's how I learned about disassembly, chipset...

AI score 6.9
Exploits: 0

BDU FSTEC
added 2018/12/13 12:0 a.m. · 2 views

The vulnerability of the OAD update mechanism of Texas Instruments’ microprogrammable microcontrollers’ Bluetooth Low Energy technology allows an intruder to gain full control over the device.

The vulnerability of the OAD (Over the Air firmware Download) update mechanism of Texas Instruments’ Bluetooth Low Energy microcontroller software is due to the repeated release of memory. Exploiting this vulnerability can allow a hacker to gain full control over the device...

CVSS 7.9 · AI score 7.6 · EPSS 0.0024
Exploits: 0 · References: 2 · Affected Software: 1

CERT
added 2018/11/01 12:0 a.m. · 567 views

Texas Instruments CC2640 and CC2650 microcontrollers vulnerable to heap overflow and insecure update

Overview: Texas Instruments CC2640 and CC2650 microcontrollers are vulnerable to a heap overflow and may allow unauthenticated firmware installation. Description: CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer. CVE-2018-16986 - also known as BLEEDINGBIT. The following...

CVSS 8.8 · AI score 8.9 · EPSS 0.02507
Exploits: 0 · References: 5

ThreatPost
added 2018/10/19 3:24 p.m. · 688 views

AWS FreeRTOS Bugs Allow Compromise of IoT Devices

Researchers have found that a popular Internet of Things real-time operating system – FreeRTOS – is riddled with serious vulnerabilities. The bugs could allow hackers to crash connected devices in smart homes or critical infrastructure systems, leak information from the devices’ memory, and take...

CVSS 6.8 · AI score 0.7 · EPSS 0.84511
Exploits: 13 · References: 8

CNVD
added 2018/06/01 12:0 a.m. · 1 views

Espruino Buffer Overflow Vulnerability (CNVD-2018-10889)

Espruino is a JavaScript interpreter for use in microcontrollers. A stack overflow vulnerability exists in versions of Espruino prior to 1.99. An attacker can exploit this vulnerability via specially crafted files to cause a denial of service (application crash)...

CVSS 5.5 · AI score 6.9 · EPSS 0.00156
Exploits: 1 · References: 1

The Hacker News
added 2018/04/17 11:8 a.m. · 70 views

Microsoft built its own custom Linux OS to secure IoT devices

Finally, it's happening. Microsoft has built its own custom Linux kernel to power "Azure Sphere," a newly launched technology that aims to better secure billions of "Internet of things" devices by combining the custom Linux kernel with new chip design, and its cloud security service. Project Azur...

Exploits: 0