CWE-1191
AllowedOn-Chip Debug and Test Interface With Improper Access Control
Abstraction: Base · Status: Stable
The chip does not implement or does not correctly perform access control to check whether users are authorized to access internal registers and test modes through the physical debug/test interface.
35 vulnerabilities reference this CWE, most recent first.
CVE-2025-52533 (GCVE-0-2025-52533)
Vulnerability from cvelistv5 – Published: 2026-02-12 17:11 – Updated: 2026-02-26 14:44- CWE-1191 - On-Chip Debug and Test Interface With Improper Access Control
| Vendor | Product | Version | |
|---|---|---|---|
| AMD | AMD EPYC™ 7003 Series Processors |
Unaffected:
MilanPI 1.0.0.G
|
|
| AMD | AMD EPYC™ 7002 Series Processors |
Affected:
No Fix Planned
|
|
| AMD | AMD EPYC™ 7001 Series Processors |
Affected:
No Fix Planned
|
|
| AMD | AMD Ryzen™ Threadripper™ PRO 3000 WX-Series Processors |
Unaffected:
Update to Key Distribution Server (KDS)
|
|
| AMD | AMD Ryzen™ Threadripper™ PRO 5000 WX-Series Processors |
Unaffected:
Update to Key Distribution Server (KDS)
|
|
| AMD | AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics |
Unaffected:
Update to Key Distribution Server (KDS)
|
|
| AMD | AMD Ryzen™ Threadripper™ 7000 Processors |
Unaffected:
Update to Key Distribution Server (KDS)
|
|
| AMD | AMD Ryzen™ Threadripper™ PRO 7000 WX-Series Processors |
Unaffected:
Update to Key Distribution Server (KDS)
|
|
| AMD | AMD Ryzen™ 3000 Series Mobile Processors with Radeon™ Graphics |
Unaffected:
Update to Key Distribution Server (KDS)
|
|
| AMD | AMD Ryzen™ AI Max 300 Series Processors |
Unaffected:
Update to Key Distribution Server (KDS)
|
|
| AMD | AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics |
Unaffected:
Update to Key Distribution Server (KDS)
|
|
| AMD | AMD Ryzen™ 2000 Mobile Processors |
Unaffected:
Update to Key Distribution Server (KDS)
|
|
| AMD | AMD Ryzen™ 3000 Series Desktop Processors |
Unaffected:
Update to Key Distribution Server (KDS)
|
|
| AMD | AMD Ryzen™ 5000 Series Desktop Processors |
Unaffected:
Update to Key Distribution Server (KDS)
|
|
| AMD | AMD Ryzen™ 7040 Series Mobile Processors with Radeon™ Graphics |
Unaffected:
Update to Key Distribution Server (KDS)
|
|
| AMD | AMD Ryzen™ Z2 Series Processors |
Unaffected:
Update to Key Distribution Server (KDS)
|
|
| AMD | AMD Ryzen™ Z2 Series Processors Go |
Unaffected:
Update to Key Distribution Server (KDS)
|
|
| AMD | AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics |
Unaffected:
Update to Key Distribution Server (KDS)
|
|
| AMD | AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics |
Unaffected:
Update to Key Distribution Server (KDS)
|
|
| AMD | AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics |
Unaffected:
Update to Key Distribution Server (KDS)
|
|
| AMD | AMD Ryzen™ AI 300 Series Processors |
Unaffected:
Update to Key Distribution Server (KDS)
|
|
| AMD | AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics |
Unaffected:
Update to Key Distribution Server (KDS)
|
|
| AMD | AMD Ryzen™ 7045 Series Mobile Processors with Radeon™ Graphics |
Unaffected:
Update to Key Distribution Server (KDS)
|
|
| AMD | AMD Ryzen™ 5000 Series Desktop Processors with Radeon™ Graphics |
Unaffected:
Update to Key Distribution Server (KDS)
|
|
| AMD | AMD Ryzen™ 4000 Series Desktop Processors |
Unaffected:
Update to Key Distribution Server (KDS)
|
|
| AMD | AMD Ryzen™ Z1 Series Processors |
Unaffected:
Update to Key Distribution Server (KDS)
|
|
| AMD | AMD Ryzen™ 7000 Series Desktop Processors |
Unaffected:
Update to Key Distribution Server (KDS)
|
|
| AMD | AMD Ryzen™ 8000 Series Desktop Processors |
Unaffected:
Update to Key Distribution Server (KDS)
|
|
| AMD | AMD EPYC™ Embedded 3000 Series Processors |
Affected:
No fix planned
|
|
| AMD | AMD EPYC™ Embedded 7002 Series Processors |
Affected:
No fix planned
|
|
| AMD | AMD EPYC™ Embedded 7003 Series Processors |
Unaffected:
EmbMilanPI-SP3 v9 1.0.0.C
|
|
| AMD | AMD Ryzen™ Embedded 8000 Series Processors |
Unaffected:
Update to Key Distribution Server (KDS)
|
|
| AMD | AMD Ryzen™ Embedded R1000 Series Processors |
Unaffected:
Update to Key Distribution Server (KDS)
|
|
| AMD | AMD Ryzen™ Embedded R2000 Series Processors |
Unaffected:
Update to Key Distribution Server (KDS)
|
|
| AMD | AMD Ryzen™ Embedded 7000 Series Processors |
Unaffected:
Update to Key Distribution Server (KDS)
|
|
| AMD | AMD Ryzen™ Embedded 5000 Series Processors |
Unaffected:
Update to Key Distribution Server (KDS)
|
|
| AMD | AMD Ryzen™ Embedded V1000 Series Processors (formerly codenamed "Picasso") |
Unaffected:
Update to Key Distribution Server (KDS)
|
|
| AMD | AMD Ryzen™ Embedded V2000 Series Processors |
Unaffected:
Update to Key Distribution Server (KDS)
|
|
| AMD | AMD Ryzen™ Embedded V3000 Series Processors |
Unaffected:
Update to Key Distribution Server (KDS)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-52533",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-13T04:56:41.059560Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T14:44:21.023Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 7003 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "MilanPI 1.0.0.G"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 7002 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "No Fix Planned"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 7001 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "No Fix Planned"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 3000 WX-Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Update to Key Distribution Server (KDS)"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 5000 WX-Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Update to Key Distribution Server (KDS)"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Update to Key Distribution Server (KDS)"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Threadripper\u2122 7000 Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Update to Key Distribution Server (KDS)"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 7000 WX-Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Update to Key Distribution Server (KDS)"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Update to Key Distribution Server (KDS)"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 AI Max 300 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Update to Key Distribution Server (KDS)"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Update to Key Distribution Server (KDS)"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 2000 Mobile Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Update to Key Distribution Server (KDS)"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 3000 Series Desktop Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Update to Key Distribution Server (KDS)"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 5000 Series Desktop Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Update to Key Distribution Server (KDS)"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 7040 Series Mobile Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Update to Key Distribution Server (KDS)"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Z2 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Update to Key Distribution Server (KDS)"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Z2 Series Processors Go",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Update to Key Distribution Server (KDS)"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 7035 Series Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Update to Key Distribution Server (KDS)"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Update to Key Distribution Server (KDS)"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Update to Key Distribution Server (KDS)"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 AI 300 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Update to Key Distribution Server (KDS)"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 7020 Series Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Update to Key Distribution Server (KDS)"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 7045 Series Mobile Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Update to Key Distribution Server (KDS)"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 5000 Series Desktop Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Update to Key Distribution Server (KDS)"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 4000 Series Desktop Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Update to Key Distribution Server (KDS)"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Z1 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Update to Key Distribution Server (KDS)"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 7000 Series Desktop Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Update to Key Distribution Server (KDS)"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 8000 Series Desktop Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Update to Key Distribution Server (KDS)"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 Embedded 3000 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "No fix planned"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 Embedded 7002 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "No fix planned"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 Embedded 7003 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbMilanPI-SP3 v9 1.0.0.C"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Embedded 8000 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Update to Key Distribution Server (KDS)"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Embedded R1000 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Update to Key Distribution Server (KDS)"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Embedded R2000 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Update to Key Distribution Server (KDS)"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Embedded 7000 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Update to Key Distribution Server (KDS)"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Embedded 5000 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Update to Key Distribution Server (KDS)"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Embedded V1000 Series Processors (formerly codenamed \"Picasso\")",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Update to Key Distribution Server (KDS)"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Embedded V2000 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Update to Key Distribution Server (KDS)"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Embedded V3000 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Update to Key Distribution Server (KDS)"
}
]
}
],
"datePublic": "2026-02-12T17:25:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Access Control in an on-chip debug interface could allow a privileged attacker to enable a debug interface and potentially compromise data confidentiality or integrity.\u003cbr\u003e"
}
],
"value": "Improper Access Control in an on-chip debug interface could allow a privileged attacker to enable a debug interface and potentially compromise data confidentiality or integrity."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1191",
"description": "CWE-1191 On-Chip Debug and Test Interface With Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-12T17:27:42.083Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-4013.html"
},
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-3023.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "AMD PSIRT Automation 1.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2025-52533",
"datePublished": "2026-02-12T17:11:02.241Z",
"dateReserved": "2025-06-17T16:53:10.413Z",
"dateUpdated": "2026-02-26T14:44:21.023Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-47822 (GCVE-0-2025-47822)
Vulnerability from cvelistv5 – Published: 2025-06-27 00:00 – Updated: 2025-09-02 16:12- CWE-1191 - On-Chip Debug and Test Interface With Improper Access Control
| Vendor | Product | Version | |
|---|---|---|---|
| Flock Safety | License Plate Reader |
Affected:
0 , ≤ 2.2
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-47822",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-30T18:51:12.457246Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-30T18:51:21.036Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "License Plate Reader",
"vendor": "Flock Safety",
"versions": [
{
"lessThanOrEqual": "2.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Flock Safety LPR (License Plate Reader) devices with firmware through 2.2 have an on-chip debug interface with improper access control."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1191",
"description": "CWE-1191 On-Chip Debug and Test Interface With Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-02T16:12:06.946Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.flocksafety.com/articles/gunshot-detection-and-license-plate-reader-security-alert"
},
{
"url": "https://gainsec.com/2025/06/19/bird-hunting-season-security-research-on-flock-safety-anti-crime-systems/"
},
{
"url": "https://gainsec.com/2025/06/19/grounded-flight-device-2-root-shell-on-flock-safetys-falcon-sparrow-automated-license-plate-reader/"
},
{
"url": "https://gainsec.com/wp-content/uploads/2025/06/flock-safety-researcher-summary.pdf"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-47822",
"datePublished": "2025-06-27T00:00:00.000Z",
"dateReserved": "2025-05-10T00:00:00.000Z",
"dateUpdated": "2025-09-02T16:12:06.946Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-47819 (GCVE-0-2025-47819)
Vulnerability from cvelistv5 – Published: 2025-06-27 00:00 – Updated: 2025-09-02 16:24- CWE-1191 - On-Chip Debug and Test Interface With Improper Access Control
| Vendor | Product | Version | |
|---|---|---|---|
| Flock Safety | Gunshot Detection devices |
Affected:
0 , < 1.3
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-47819",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-30T18:51:49.384704Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-30T18:55:02.941Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Gunshot Detection devices",
"vendor": "Flock Safety",
"versions": [
{
"lessThan": "1.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Flock Safety Gunshot Detection devices before 1.3 have an on-chip debug interface with improper access control."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1191",
"description": "CWE-1191 On-Chip Debug and Test Interface With Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-02T16:24:24.424Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.flocksafety.com/articles/gunshot-detection-and-license-plate-reader-security-alert"
},
{
"url": "https://gainsec.com/2025/06/19/bird-hunting-season-security-research-on-flock-safety-anti-crime-systems/"
},
{
"url": "https://gainsec.com/wp-content/uploads/2025/06/flock-safety-researcher-summary.pdf"
},
{
"url": "https://gainsec.com/2025/06/19/plucked-and-rooted-device-1-debug-shell-on-flock-safetys-raven-gunshot-detection-system/"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-47819",
"datePublished": "2025-06-27T00:00:00.000Z",
"dateReserved": "2025-05-10T00:00:00.000Z",
"dateUpdated": "2025-09-02T16:24:24.424Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-36755 (GCVE-0-2025-36755)
Vulnerability from cvelistv5 – Published: 2025-12-12 14:58 – Updated: 2025-12-13 08:16| URL | Tags |
|---|---|
| https://csirt.divd.nl/CVE-2025-5743/ | third-party-advisory |
| https://csirt.divd.nl/DIVD-2025-00043 | third-party-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| CleverDisplay B.V. | BlueOne (CleverDisplay Hardware Player) |
Affected:
12.11.1
(semver)
Unaffected: 12.12.1 , ≤ * (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-36755",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-12T18:50:02.532239Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-12T18:50:19.575Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"modules": [
"Enclosure / USB keyboard interface / BIOS \u0026 GRUB boot process"
],
"product": "BlueOne (CleverDisplay Hardware Player)",
"vendor": "CleverDisplay B.V.",
"versions": [
{
"status": "affected",
"version": "12.11.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "12.12.1",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Alwin Warringa, Tom Dantuma, Ruben Meeuwissen, and Ramon Dunker."
},
{
"lang": "en",
"type": "analyst",
"value": "Dennis Kussendrager (DIVD)"
},
{
"lang": "en",
"type": "analyst",
"value": "Victor Pasman (DIVD)"
}
],
"datePublic": "2025-08-09T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The CleverDisplay BlueOne hardware player is designed with its USB interfaces physically enclosed and inaccessible under normal operating conditions. Researchers demonstrated that, after cicumventing the device\u2019s protective enclosure, it was possible to connect a USB keyboard and press \u003cstrong\u003eESC\u003c/strong\u003e during boot to access the BIOS setup interface. BIOS settings could be viewed but not modified. This behavior slightly increases the attack surface by exposing internal system information (CWE-1244) once the enclosure is removed, but does not allow integrity or availability compromise under standard or tested configurations."
}
],
"value": "The CleverDisplay BlueOne hardware player is designed with its USB interfaces physically enclosed and inaccessible under normal operating conditions. Researchers demonstrated that, after cicumventing the device\u2019s protective enclosure, it was possible to connect a USB keyboard and press ESC during boot to access the BIOS setup interface. BIOS settings could be viewed but not modified. This behavior slightly increases the attack surface by exposing internal system information (CWE-1244) once the enclosure is removed, but does not allow integrity or availability compromise under standard or tested configurations."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Proof-of-concept demonstrated by researchers at WHY2025; exploitation confirmed limited to BIOS access without ability to modify settings.\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "Proof-of-concept demonstrated by researchers at WHY2025; exploitation confirmed limited to BIOS access without ability to modify settings."
}
],
"impacts": [
{
"capecId": "CAPEC-522",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-522 Malicious Hardware Component Replacement"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NO",
"Recovery": "NOT_DEFINED",
"Safety": "NEGLIGIBLE",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "PHYSICAL",
"baseScore": 2.4,
"baseSeverity": "LOW",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "GREEN",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/S:N/AU:N/V:D/RE:L/U:Green",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "LOW"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1244",
"description": "CWE-1244: Internal Asset Exposed to Unsafe Debug Access Level or State",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-1191",
"description": "CWE-1191: On-Chip Debug and Test Interface With Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-13T08:16:14.495Z",
"orgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
"shortName": "DIVD"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://csirt.divd.nl/CVE-2025-5743/"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://csirt.divd.nl/DIVD-2025-00043"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "BlueOne firmware version 12.2.1 introduces default BIOS password protection and Secure Boot enablement, preventing unauthorized BIOS access."
}
],
"value": "BlueOne firmware version 12.2.1 introduces default BIOS password protection and Secure Boot enablement, preventing unauthorized BIOS access."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "CleverDisplay BlueOne unauthorized BIOS access through physical USB keyboard",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
"assignerShortName": "DIVD",
"cveId": "CVE-2025-36755",
"datePublished": "2025-12-12T14:58:22.970Z",
"dateReserved": "2025-04-15T21:54:36.815Z",
"dateUpdated": "2025-12-13T08:16:14.495Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-26409 (GCVE-0-2025-26409)
Vulnerability from cvelistv5 – Published: 2025-02-11 09:15 – Updated: 2025-11-03 21:12| URL | Tags |
|---|---|
| https://r.sec-consult.com/wattsense | third-party-advisory |
| https://support.wattsense.com/hc/en-150/articles/… | release-notes |
| http://seclists.org/fulldisclosure/2025/Feb/9 |
| Vendor | Product | Version | |
|---|---|---|---|
| Wattsense | Wattsense Bridge |
Affected:
0 , < 6.4.1
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-26409",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-11T14:38:08.176508Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1299",
"description": "CWE-1299 Missing Protection Mechanism for Alternate Hardware Interface",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-17T16:40:45.172Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T21:12:51.730Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://seclists.org/fulldisclosure/2025/Feb/9"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Wattsense Bridge",
"vendor": "Wattsense",
"versions": [
{
"lessThan": "6.4.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Constantin Schieber-Kn\u00f6bl | SEC Consult Vulnerability Lab"
},
{
"lang": "en",
"type": "finder",
"value": "Stefan Schweighofer | SEC Consult Vulnerability Lab"
},
{
"lang": "en",
"type": "finder",
"value": "Steffen Robertz | SEC Consult Vulnerability Lab"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A serial interface can be accessed with physical access to the PCB of Wattsense Bridge devices. After connecting to the interface, access to the bootloader is possible, as well as a Linux login prompt. The bootloader access can be used to gain a root shell on the device. This issue is fixed in\u0026nbsp;recent firmware versions BSP \u0026gt;= 6.4.1."
}
],
"value": "A serial interface can be accessed with physical access to the PCB of Wattsense Bridge devices. After connecting to the interface, access to the bootloader is possible, as well as a Linux login prompt. The bootloader access can be used to gain a root shell on the device. This issue is fixed in\u00a0recent firmware versions BSP \u003e= 6.4.1."
}
],
"impacts": [
{
"capecId": "CAPEC-180",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1299",
"description": "CWE-1299 Missing Protection Mechanism for Alternate Hardware Interface",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-1191",
"description": "CWE-1191 On-Chip Debug and Test Interface With Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-11T09:15:30.131Z",
"orgId": "551230f0-3615-47bd-b7cc-93e92e730bbf",
"shortName": "SEC-VLab"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://r.sec-consult.com/wattsense"
},
{
"tags": [
"release-notes"
],
"url": "https://support.wattsense.com/hc/en-150/articles/13366066529437-Release-Notes"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This issue is fixed in recent firmware versions BSP \u0026gt;= 6.4.1."
}
],
"value": "This issue is fixed in recent firmware versions BSP \u003e= 6.4.1."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Access to Bootloader and Shell Over Serial Interface",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "551230f0-3615-47bd-b7cc-93e92e730bbf",
"assignerShortName": "SEC-VLab",
"cveId": "CVE-2025-26409",
"datePublished": "2025-02-11T09:15:30.131Z",
"dateReserved": "2025-02-10T07:48:38.352Z",
"dateUpdated": "2025-11-03T21:12:51.730Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-26408 (GCVE-0-2025-26408)
Vulnerability from cvelistv5 – Published: 2025-02-11 09:14 – Updated: 2025-11-03 21:12- CWE-1191 - On-Chip Debug and Test Interface With Improper Access Control
| URL | Tags |
|---|---|
| https://r.sec-consult.com/wattsense | third-party-advisory |
| https://support.wattsense.com/hc/en-150/articles/… | release-notes |
| http://seclists.org/fulldisclosure/2025/Feb/9 |
| Vendor | Product | Version | |
|---|---|---|---|
| Wattsense | Wattsense Bridge |
Affected:
*
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-26408",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-11T14:40:43.535274Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-22T14:41:30.878Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T21:12:50.335Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://seclists.org/fulldisclosure/2025/Feb/9"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Wattsense Bridge",
"vendor": "Wattsense",
"versions": [
{
"status": "affected",
"version": "*"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Constantin Schieber-Kn\u00f6bl | SEC Consult Vulnerability Lab"
},
{
"lang": "en",
"type": "finder",
"value": "Stefan Schweighofer | SEC Consult Vulnerability Lab"
},
{
"lang": "en",
"type": "finder",
"value": "Steffen Robertz | SEC Consult Vulnerability Lab"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The JTAG interface of Wattsense Bridge devices can be accessed with physical access to the PCB. After connecting to the interface, full access to the device is possible. This enables an attacker to extract information, modify and debug the device\u0027s firmware. All known versions are affected.\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "The JTAG interface of Wattsense Bridge devices can be accessed with physical access to the PCB. After connecting to the interface, full access to the device is possible. This enables an attacker to extract information, modify and debug the device\u0027s firmware. All known versions are affected."
}
],
"impacts": [
{
"capecId": "CAPEC-702",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-702 Exploiting Incorrect Chaining or Granularity of Hardware Debug Components"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1191",
"description": "CWE-1191 On-Chip Debug and Test Interface With Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-11T09:14:28.700Z",
"orgId": "551230f0-3615-47bd-b7cc-93e92e730bbf",
"shortName": "SEC-VLab"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://r.sec-consult.com/wattsense"
},
{
"tags": [
"release-notes"
],
"url": "https://support.wattsense.com/hc/en-150/articles/13366066529437-Release-Notes"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe device is meant to be installed at a restricted access physical location according to the vendor and exploitation requires\u0026nbsp;\u003c/span\u003emore attacker knowledge and higher physical access. The issue will be put in the backlog of the Wattsense team."
}
],
"value": "The device is meant to be installed at a restricted access physical location according to the vendor and exploitation requires\u00a0more attacker knowledge and higher physical access. The issue will be put in the backlog of the Wattsense team."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Unprotected JTAG Interface",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "551230f0-3615-47bd-b7cc-93e92e730bbf",
"assignerShortName": "SEC-VLab",
"cveId": "CVE-2025-26408",
"datePublished": "2025-02-11T09:14:28.700Z",
"dateReserved": "2025-02-10T07:48:38.352Z",
"dateUpdated": "2025-11-03T21:12:50.335Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-15083 (GCVE-0-2025-15083)
Vulnerability from cvelistv5 – Published: 2025-12-25 17:32 – Updated: 2025-12-30 21:09- CWE-1191 - On-Chip Debug and Test Interface With Improper Access Control
| URL | Tags |
|---|---|
| https://vuldb.com/?id.338411 | vdb-entry |
| https://vuldb.com/?ctiid.338411 | signaturepermissions-required |
| https://vuldb.com/?submit.707974 | third-party-advisory |
| https://hacklab.eu.org/blogs/zlt_m30s_debug_interface | exploit |
| Vendor | Product | Version | |
|---|---|---|---|
| TOZED | ZLT M30s |
Affected:
1.0
Affected: 1.1 Affected: 1.2 Affected: 1.3 Affected: 1.4 Affected: 1.5 Affected: 1.6 Affected: 1.7 Affected: 1.8 Affected: 1.9 Affected: 1.10 Affected: 1.11 Affected: 1.12 Affected: 1.13 Affected: 1.14 Affected: 1.15 Affected: 1.16 Affected: 1.17 Affected: 1.18 Affected: 1.19 Affected: 1.20 Affected: 1.21 Affected: 1.22 Affected: 1.23 Affected: 1.24 Affected: 1.25 Affected: 1.26 Affected: 1.27 Affected: 1.28 Affected: 1.29 Affected: 1.30 Affected: 1.31 Affected: 1.32 Affected: 1.33 Affected: 1.34 Affected: 1.35 Affected: 1.36 Affected: 1.37 Affected: 1.38 Affected: 1.39 Affected: 1.40 Affected: 1.41 Affected: 1.42 Affected: 1.43 Affected: 1.44 Affected: 1.45 Affected: 1.46 Affected: 1.47 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-15083",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-30T21:09:16.458225Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-30T21:09:24.413Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"UART Interface"
],
"product": "ZLT M30s",
"vendor": "TOZED",
"versions": [
{
"status": "affected",
"version": "1.0"
},
{
"status": "affected",
"version": "1.1"
},
{
"status": "affected",
"version": "1.2"
},
{
"status": "affected",
"version": "1.3"
},
{
"status": "affected",
"version": "1.4"
},
{
"status": "affected",
"version": "1.5"
},
{
"status": "affected",
"version": "1.6"
},
{
"status": "affected",
"version": "1.7"
},
{
"status": "affected",
"version": "1.8"
},
{
"status": "affected",
"version": "1.9"
},
{
"status": "affected",
"version": "1.10"
},
{
"status": "affected",
"version": "1.11"
},
{
"status": "affected",
"version": "1.12"
},
{
"status": "affected",
"version": "1.13"
},
{
"status": "affected",
"version": "1.14"
},
{
"status": "affected",
"version": "1.15"
},
{
"status": "affected",
"version": "1.16"
},
{
"status": "affected",
"version": "1.17"
},
{
"status": "affected",
"version": "1.18"
},
{
"status": "affected",
"version": "1.19"
},
{
"status": "affected",
"version": "1.20"
},
{
"status": "affected",
"version": "1.21"
},
{
"status": "affected",
"version": "1.22"
},
{
"status": "affected",
"version": "1.23"
},
{
"status": "affected",
"version": "1.24"
},
{
"status": "affected",
"version": "1.25"
},
{
"status": "affected",
"version": "1.26"
},
{
"status": "affected",
"version": "1.27"
},
{
"status": "affected",
"version": "1.28"
},
{
"status": "affected",
"version": "1.29"
},
{
"status": "affected",
"version": "1.30"
},
{
"status": "affected",
"version": "1.31"
},
{
"status": "affected",
"version": "1.32"
},
{
"status": "affected",
"version": "1.33"
},
{
"status": "affected",
"version": "1.34"
},
{
"status": "affected",
"version": "1.35"
},
{
"status": "affected",
"version": "1.36"
},
{
"status": "affected",
"version": "1.37"
},
{
"status": "affected",
"version": "1.38"
},
{
"status": "affected",
"version": "1.39"
},
{
"status": "affected",
"version": "1.40"
},
{
"status": "affected",
"version": "1.41"
},
{
"status": "affected",
"version": "1.42"
},
{
"status": "affected",
"version": "1.43"
},
{
"status": "affected",
"version": "1.44"
},
{
"status": "affected",
"version": "1.45"
},
{
"status": "affected",
"version": "1.46"
},
{
"status": "affected",
"version": "1.47"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "S33K3R (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was determined in TOZED ZLT M30s up to 1.47. The affected element is an unknown function of the component UART Interface. Executing manipulation can lead to on-chip debug and test interface with improper access control. The physical device can be targeted for the attack. Attacks of this nature are highly complex. The exploitability is described as difficult. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 1,
"baseSeverity": "LOW",
"vectorString": "CVSS:4.0/AV:P/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 2,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 2,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 1.2,
"vectorString": "AV:L/AC:H/Au:N/C:P/I:N/A:N/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1191",
"description": "On-Chip Debug and Test Interface With Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-25T17:32:06.260Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-338411 | TOZED ZLT M30s UART on-chip debug and test interface with improper access control",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.338411"
},
{
"name": "VDB-338411 | CTI Indicators (IOB, IOC)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.338411"
},
{
"name": "Submit #707974 | TOZED ZLT M30s 1.47 Improper Access Control in Debug Interface",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.707974"
},
{
"tags": [
"exploit"
],
"url": "https://hacklab.eu.org/blogs/zlt_m30s_debug_interface"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-12-25T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-12-25T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-12-25T10:42:28.000Z",
"value": "VulDB entry last update"
}
],
"title": "TOZED ZLT M30s UART on-chip debug and test interface with improper access control"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-15083",
"datePublished": "2025-12-25T17:32:06.260Z",
"dateReserved": "2025-12-25T09:36:38.360Z",
"dateUpdated": "2025-12-30T21:09:24.413Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-12114 (GCVE-0-2025-12114)
Vulnerability from cvelistv5 – Published: 2025-10-23 15:29 – Updated: 2025-10-23 15:39- CWE-1191 - On-Chip Debug and Test Interface With Improper Access Control
| Vendor | Product | Version | |
|---|---|---|---|
| Azure Access Technology | BLU-IC2 |
Affected:
0 , ≤ 1.19.5
(semver)
|
|
| Azure Access Technology | BLU-IC4 |
Affected:
0 , ≤ 1.19.5
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-12114",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-23T15:39:28.696245Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-23T15:39:46.781Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "BLU-IC2",
"vendor": "Azure Access Technology",
"versions": [
{
"lessThanOrEqual": "1.19.5",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "BLU-IC4",
"vendor": "Azure Access Technology",
"versions": [
{
"lessThanOrEqual": "1.19.5",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Kevin Schaller"
},
{
"lang": "en",
"type": "finder",
"value": "Benjamin Lafois"
},
{
"lang": "en",
"type": "finder",
"value": "Alexi Bitsios"
},
{
"lang": "en",
"type": "finder",
"value": "Sebastian Toscano"
},
{
"lang": "en",
"type": "finder",
"value": "Dominik Schneider"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eEnabled\u0026nbsp;\u003c/span\u003eserial console could potentially leak information that might help attacker to find vulnerabilities.\u003cp\u003eThis issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.\u003c/p\u003e"
}
],
"value": "Enabled\u00a0serial console could potentially leak information that might help attacker to find vulnerabilities.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5."
}
],
"impacts": [
{
"capecId": "CAPEC-1",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-1: Accessing Functionality Not Properly Constrained by ACLs"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1191",
"description": "CWE-1191: On-Chip Debug and Test Interface With Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-23T15:29:13.361Z",
"orgId": "a0340c66-c385-4f8b-991b-3d05f6fd5220",
"shortName": "azure-access"
},
"references": [
{
"url": "https://azure-access.com/security-advisories"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Serial Console Enabled",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "a0340c66-c385-4f8b-991b-3d05f6fd5220",
"assignerShortName": "azure-access",
"cveId": "CVE-2025-12114",
"datePublished": "2025-10-23T15:29:13.361Z",
"dateReserved": "2025-10-23T15:23:36.517Z",
"dateUpdated": "2025-10-23T15:39:46.781Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-9709 (GCVE-0-2025-9709)
Vulnerability from cvelistv5 – Published: 2025-09-05 17:16 – Updated: 2025-09-05 18:07| Vendor | Product | Version | |
|---|---|---|---|
| Nordic Semiconductor | nRF52810 |
Affected:
0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9709",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-05T18:07:39.209816Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-05T18:07:49.930Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://www.nordicsemi.com/Products/nRF52810",
"defaultStatus": "unaffected",
"product": "nRF52810",
"vendor": "Nordic Semiconductor",
"versions": [
{
"status": "affected",
"version": "0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Milena Mangiola"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "On-Chip Debug and Test Interface With Improper Access Control and Improper Protection against Electromagnetic Fault Injection (EM-FI) in Nordic Semiconductor nRF52810 allow attacker to perform EM Fault Injection and bypass APPROTECT at runtime, requiring the least amount of modification to the hardware system possible."
}
],
"value": "On-Chip Debug and Test Interface With Improper Access Control and Improper Protection against Electromagnetic Fault Injection (EM-FI) in Nordic Semiconductor nRF52810 allow attacker to perform EM Fault Injection and bypass APPROTECT at runtime, requiring the least amount of modification to the hardware system possible."
}
],
"impacts": [
{
"capecId": "CAPEC-624",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-624: Hardware Fault Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "PRESENT",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "PHYSICAL",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:P",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1191",
"description": "CWE-1191: On-Chip Debug and Test Interface With Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-1319",
"description": "CWE-1319: Improper Protection against Electromagnetic Fault Injection (EM-FI)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"description": "Runtime Hardware Protection Bypass",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-05T17:16:16.345Z",
"orgId": "1c6b5737-9389-4011-8117-89fa251edfb2",
"shortName": "Toreon"
},
"references": [
{
"url": "https://raelize.com/upload/research/2022/No_Hat_2022_-_Glitching_devices_for_code_execution_v1.1.pdf"
},
{
"url": "https://raelize.com/upload/research/2025/Dartmouth_202505_False-Injections-Tales-of-Physics-Misconceptions-and-Weird-Machines_v1.1.pdf"
},
{
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-27211"
},
{
"url": "https://www.toreon.com/cve-2025-9709-major-vulnerability-in-common-chip/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "NRF52810 Runtime EM Fault Injection APPROTECT Bypass",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "1c6b5737-9389-4011-8117-89fa251edfb2",
"assignerShortName": "Toreon",
"cveId": "CVE-2025-9709",
"datePublished": "2025-09-05T17:16:16.345Z",
"dateReserved": "2025-08-29T16:27:34.512Z",
"dateUpdated": "2025-09-05T18:07:49.930Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-7213 (GCVE-0-2025-7213)
Vulnerability from cvelistv5 – Published: 2025-07-09 03:02 – Updated: 2025-07-09 17:28- CWE-1191 - On-Chip Debug and Test Interface With Improper Access Control
| URL | Tags |
|---|---|
| https://vuldb.com/?id.315162 | vdb-entry |
| https://vuldb.com/?ctiid.315162 | signaturepermissions-required |
| https://vuldb.com/?submit.608025 | third-party-advisory |
| https://medium.com/@pundhapat/sqli-in-the-cloud-r… | exploit |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-7213",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-09T17:27:32.987870Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-09T17:28:36.758Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"UART Interface"
],
"product": "FNK-GU2",
"vendor": "FNKvision",
"versions": [
{
"status": "affected",
"version": "40.1.0"
},
{
"status": "affected",
"version": "40.1.1"
},
{
"status": "affected",
"version": "40.1.2"
},
{
"status": "affected",
"version": "40.1.3"
},
{
"status": "affected",
"version": "40.1.4"
},
{
"status": "affected",
"version": "40.1.5"
},
{
"status": "affected",
"version": "40.1.6"
},
{
"status": "affected",
"version": "40.1.7"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "0xHasta (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical has been found in FNKvision FNK-GU2 up to 40.1.7. Affected is an unknown function of the component UART Interface. The manipulation leads to on-chip debug and test interface with improper access control. It is possible to launch the attack on the physical device. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "Es wurde eine kritische Schwachstelle in FNKvision FNK-GU2 bis 40.1.7 entdeckt. Es geht dabei um eine nicht klar definierte Funktion der Komponente UART Interface. Dank Manipulation mit unbekannten Daten kann eine on-chip debug and test interface with improper access control-Schwachstelle ausgenutzt werden. Ein Angriff setzt physischen Zugriff auf dem Zielobjekt voraus. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Sie gilt als schwierig auszunutzen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:P/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.2,
"vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1191",
"description": "On-Chip Debug and Test Interface With Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-09T03:02:05.807Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-315162 | FNKvision FNK-GU2 UART Interface on-chip debug and test interface with improper access control",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.315162"
},
{
"name": "VDB-315162 | CTI Indicators (IOB, IOC)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.315162"
},
{
"name": "Submit #608025 | FNKvision FNK-GU2 Wireless IP Camera Firmware version 40.1.7 and prior On-Chip Debug and Test Interface With Improper Access Control (C",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.608025"
},
{
"tags": [
"exploit"
],
"url": "https://medium.com/@pundhapat/sqli-in-the-cloud-root-on-the-board-a-beginners-journey-into-iot-hacking-06efb2539a21"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-07-07T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-07-07T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-07-07T15:24:26.000Z",
"value": "VulDB entry last update"
}
],
"title": "FNKvision FNK-GU2 UART Interface on-chip debug and test interface with improper access control"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-7213",
"datePublished": "2025-07-09T03:02:05.807Z",
"dateReserved": "2025-07-07T13:19:13.819Z",
"dateUpdated": "2025-07-09T17:28:36.758Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation
Strategy: Separation of Privilege
If feasible, the manufacturer should disable the JTAG interface or implement authentication and authorization for the JTAG interface. If authentication logic is added, it should be resistant to timing attacks. Security-sensitive data stored in registers, such as keys, etc. should be cleared when entering debug mode.
CAPEC-1: Accessing Functionality Not Properly Constrained by ACLs
In applications, particularly web applications, access to functionality is mitigated by an authorization framework. This framework maps Access Control Lists (ACLs) to elements of the application's functionality; particularly URL's for web apps. In the case that the administrator failed to specify an ACL for a particular element, an attacker may be able to access it with impunity. An attacker with the ability to access functionality not properly constrained by ACLs can obtain sensitive information and possibly compromise the entire application. Such an attacker can access resources that must be available only to users at a higher privilege level, can access management sections of the application, or can run queries for data that they otherwise not supposed to.
CAPEC-180: Exploiting Incorrectly Configured Access Control Security Levels
An attacker exploits a weakness in the configuration of access controls and is able to bypass the intended protection that these measures guard against and thereby obtain unauthorized access to the system or network. Sensitive functionality should always be protected with access controls. However configuring all but the most trivial access control systems can be very complicated and there are many opportunities for mistakes. If an attacker can learn of incorrectly configured access security settings, they may be able to exploit this in an attack.