
CVE-2023-46894
https://notcve.org/view.php?id=CVE-2023-46894
09 Nov 2023 — An issue discovered in esptool 4.6.2 allows attackers to view sensitive information via a weak cryptographic algorithm. • https://github.com/espressif/esptool/issues/926 • CWE-326: Inadequate Encryption Strength •

CVE-2023-35818
https://notcve.org/view.php?id=CVE-2023-35818
17 Jul 2023 — An issue was discovered on Espressif ESP32 3.0 (ESP32_rev300 ROM) devices. An EMFI attack on ECO3 provides the attacker with a capability to influence the PC value at the CPU context level, regardless of Secure Boot and Flash Encryption status. By using this capability, the attacker can exploit another behavior in the chip to gain unauthorized access to the ROM download mode. Access to ROM download mode may be further exploited to read the encrypted flash content in cleartext format or execute stub code. • https://espressif.com •

CVE-2022-24893 – Espressif Bluetooth Mesh Stack Vulnerable to Out-of-bounds Write leading to memory buffer corruption
https://notcve.org/view.php?id=CVE-2022-24893
25 Jun 2022 — ESP-IDF is the official development framework for Espressif SoCs. In Espressif’s Bluetooth Mesh SDK (`ESP-BLE-MESH`), a memory corruption vulnerability can be triggered during provisioning, because there is no check for the `SegN` field of the Transaction Start PDU. This can result in memory corruption related attacks and potentially attacker gaining control of the entire system. Patch commits are available on the 4.1, 4.2, 4.3 and 4.4 branches and users are recommended to upgrade. The upgrade is applicable... • https://github.com/espressif/esp-idf/security/advisories/GHSA-7f7f-jj2q-28wm • CWE-787: Out-of-bounds Write CWE-788: Access of Memory Location After End of Buffer •

CVE-2021-41104 – web_server allows OTA update without checking user defined basic auth username & password
https://notcve.org/view.php?id=CVE-2021-41104
28 Sep 2021 — ESPHome is a system to control the ESP8266/ESP32. Anyone with web_server enabled and HTTP basic auth configured on version 2021.9.1 or older is vulnerable to an issue in which `web_server` allows over-the-air (OTA) updates without checking the user-defined basic auth username and password. This issue is patched in version 2021.9.2. As a workaround, one may disable or remove `web_server`. • https://github.com/esphome/esphome/pull/2409/commits/207cde1667d8c799a197b78ca8a5a14de8d5ca1e • CWE-306: Missing Authentication for Critical Function •

CVE-2021-28139 – BRAKTOOTH: Causing Havoc on Bluetooth Link Manager
https://notcve.org/view.php?id=CVE-2021-28139
03 Sep 2021 — The Bluetooth Classic implementation in Espressif ESP-IDF 4.4 and earlier does not properly restrict the Feature Page upon reception of an LMP Feature Response Extended packet, allowing attackers in radio range to trigger arbitrary code execution in ESP32 via a crafted Extended Features bitfield payload. • https://dl.packetstormsecurity.net/papers/general/braktooth.pdf •

CVE-2021-28136 – BRAKTOOTH: Causing Havoc on Bluetooth Link Manager
https://notcve.org/view.php?id=CVE-2021-28136
03 Sep 2021 — The Bluetooth Classic implementation in Espressif ESP-IDF 4.4 and earlier does not properly handle the reception of multiple LMP IO Capability Request packets during the pairing process, allowing attackers in radio range to trigger memory corruption (and consequently a crash) in ESP32 via a replayed (duplicated) LMP packet. • https://dl.packetstormsecurity.net/papers/general/braktooth.pdf • CWE-787: Out-of-bounds Write •

CVE-2021-28135 – BRAKTOOTH: Causing Havoc on Bluetooth Link Manager
https://notcve.org/view.php?id=CVE-2021-28135
03 Sep 2021 — The Bluetooth Classic implementation in Espressif ESP-IDF 4.4 and earlier does not properly handle the reception of continuous unsolicited LMP responses, allowing attackers in radio range to trigger a denial of service (crash) in ESP32 by flooding the target device with LMP Feature Response data. • https://dl.packetstormsecurity.net/papers/general/braktooth.pdf •

CVE-2021-34173
https://notcve.org/view.php?id=CVE-2021-34173
14 Jul 2021 — An attacker can cause a Denial of Service and kernel panic in v4.2 and earlier versions of Espressif esp32 via a malformed beacon CSA frame. The device requires a reboot to recover. • https://github.com/E7mer •

CVE-2020-16146
https://notcve.org/view.php?id=CVE-2020-16146
12 Jan 2021 — Espressif ESP-IDF 2.x, 3.0.x through 3.0.9, 3.1.x through 3.1.7, 3.2.x through 3.2.3, 3.3.x through 3.3.2, and 4.0.x through 4.0.1 has a Buffer Overflow in BluFi provisioning in the btc_blufi_recv_handler function in blufi_prf.c. An attacker can send a crafted BluFi protocol Write Attribute command to characteristic 0xFF01. With manipulated packet fields, there is a buffer overflow. • https://github.com/espressif/esp-idf • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVE-2020-13595
https://notcve.org/view.php?id=CVE-2020-13595
31 Aug 2020 — The Bluetooth Low Energy (BLE) controller implementation in Espressif ESP-IDF 4.0 through 4.2 (for ESP32 devices) returns the wrong number of completed BLE packets and triggers a reachable assertion on the host stack when receiving a packet with an MIC failure. An attacker within radio range can silently trigger the assertion (which disables the target's BLE stack) by sending a crafted sequence of BLE packets. • https://asset-group.github.io/cves.html • CWE-617: Reachable Assertion •