EUVD-2025-202624

The ESP32 system on a chip SoC that powers the Meatmeet Pro was found to have JTAG enabled. By leaving JTAG enabled on an ESP32 in a commercial product an attacker with physical access to the device can connect over this port and reflash the device's firmware with malicious code which will be...

EUVD-2025-202625

As UART download mode is still enabled on the ESP32 chip on which the firmware runs, an adversary can dump the flash from the device and retrieve sensitive information such as details about the current and previous Wi-Fi network from the NVS partition. Additionally, this allows the adversary to...

CVE-2025-65825

The firmware on the basestation of the Meatmeet is not encrypted. An adversary with physical access to the Meatmeet device can disassemble the device, connect over UART, and retrieve the firmware dump for analysis. Within the NVS partition they may discover the credentials of the current and...

CVE-2025-65825

The firmware on the basestation of the Meatmeet is not encrypted. An adversary with physical access to the Meatmeet device can disassemble the device, connect over UART, and retrieve the firmware dump for analysis. Within the NVS partition they may discover the credentials of the current and...

PT-2025-50500

Name of the Vulnerable Software and Affected Versions Meatmeet affected versions not specified Description The firmware on the Meatmeet basestation is not encrypted. An attacker with physical access can retrieve the firmware dump via UART, potentially discovering credentials for current and...

CVE-2025-65821

The CVE-2025-65821 entry concerns the ESP32 chip where UART download mode remains enabled. The vulnerability affects the UART download mechanism that can be exploited to dump the device flash, exposing sensitive data stored in the NVS partition (e.g., current and prior Wi‑Fi network details) and ...

PT-2025-50497

Name of the Vulnerable Software and Affected Versions ESP32 versions affected versions not specified Description The ESP32 system on a chip SoC used in the Meatmeet Pro has JTAG enabled. An attacker with physical access can connect to the device via the JTAG port and reflash the firmware with...

CVE-2025-65821

As UART download mode is still enabled on the ESP32 chip on which the firmware runs, an adversary can dump the flash from the device and retrieve sensitive information such as details about the current and previous Wi-Fi network from the NVS partition. Additionally, this allows the adversary to...

PT-2025-50496

Name of the Vulnerable Software and Affected Versions ESP32 affected versions not specified Description An enabled UART download mode on the ESP32 chip allows an attacker to extract sensitive data from the flash memory, including Wi-Fi network details stored in the NVS partition. This access also...

PT-2022-22120 · Lenovo · Lenovo Notebook

Name of the Vulnerable Software and Affected Versions: Lenovo Notebook devices affected versions not specified Description: A potential issue in a driver used during the manufacturing process on some consumer Lenovo Notebook devices may allow an attacker with elevated privileges to modify secure...