
CVSS: 6.5 • EPSS: 0% • CPEs: 2 • EXPL: 0

31 Aug 2020 — The Bluetooth Low Energy (BLE) controller implementation in Espressif ESP-IDF 4.2 and earlier (for ESP32 devices) does not properly restrict the channel map field of the connection request packet on reception, allowing attackers in radio range to cause a denial of service (crash) via a crafted packet. • https://asset-group.github.io/cves.html • CWE-20: Improper Input Validation

CVSS: 6.8 • EPSS: 0% • CPEs: 3 • EXPL: 1

23 Jul 2020 — An encryption-bypass issue was discovered on Espressif ESP-IDF devices through 4.2, ESP8266_NONOS_SDK devices through 3.0.3, and ESP8266_RTOS_SDK devices through 3.3. Broadcasting forged beacon frames forces a device to change its authentication mode to OPEN, effectively disabling its 802.11 encryption. • https://github.com/espressif/ESP8266_NONOS_SDK • CWE-287: Improper Authentication • CWE-319: Cleartext Transmission of Sensitive Information

CVSS: 4.6 • EPSS: 0% • CPEs: 8 • EXPL: 0

14 Nov 2019 — An issue was discovered in the Espressif ESP32 mask ROM code 2016-06-08 0 through 2. Lack of anti-glitch mitigations in the first stage bootloader of the ESP32 chip allows an attacker (with physical access to the device) to read the contents of read-protected eFuses, such as flash encryption and secure boot keys, by injecting a glitch into the power supply of the chip shortly after reset. • https://www.espressif.com/en/news/Security_Advisory_Concerning_Fault_Injection_and_eFuse_Protections • CWE-755: Improper Handling of Exceptional Conditions

CVSS: 7.2 • EPSS: 0% • CPEs: 4 • EXPL: 0

07 Oct 2019 — An issue was discovered in Espressif ESP-IDF 2.x, 3.0.x through 3.0.9, 3.1.x through 3.1.6, 3.2.x through 3.2.3, and 3.3.x through 3.3.1. An attacker who uses fault injection to physically disrupt the ESP32 CPU can bypass the Secure Boot digest verification at startup, and boot unverified code from flash. The fault injection attack does not disable the Flash Encryption feature, so if the ESP32 is configured with the recommended combination of Secure Boot and Flash Encryption, then the impact is minimized. I... • https://www.espressif.com/en/news/Espressif_Security_Advisory_Concerning_Fault_Injection_and_Secure_Boot • CWE-755: Improper Handling of Exceptional Conditions

CVSS: 6.5 • EPSS: 3% • CPEs: 6 • EXPL: 2

04 Sep 2019 — The EAP peer implementation in Espressif ESP-IDF 2.0.0 through 4.0.0 and ESP8266_NONOS_SDK 2.2.0 through 3.1.0 processes EAP Success messages before any EAP method completion or failure, which allows attackers in radio range to cause a denial of service (crash) via a crafted message. • https://github.com/Matheus-Garbelini/esp32_esp8266_attacks

CVSS: 8.1 • EPSS: 0% • CPEs: 2 • EXPL: 1

04 Sep 2019 — The EAP peer implementation in Espressif ESP-IDF 2.0.0 through 4.0.0 and ESP8266_NONOS_SDK 2.2.0 through 3.1.0 allows the installation of a zero Pairwise Master Key (PMK) after the completion of any EAP authentication method, which allows attackers in radio range to replay, decrypt, or spoof frames via a rogue access point. • https://github.com/Matheus-Garbelini/esp32_esp8266_attacks • CWE-327: Use of a Broken or Risky Cryptographic Algorithm

CVSS: 6.5 • EPSS: 0% • CPEs: 2 • EXPL: 2

04 Sep 2019 — The client 802.11 MAC implementation in Espressif ESP8266_NONOS_SDK 2.2.0 through 3.1.0 does not correctly validate the RSN AuthKey suite list count in beacon frames, probe responses, and association responses, which allows attackers in radio range to cause a denial of service (crash) via a crafted message. • https://github.com/Matheus-Garbelini/esp32_esp8266_attacks • CWE-20: Improper Input Validation

CVSS: 6.9 • EPSS: 0% • CPEs: 2 • EXPL: 0

13 May 2019 — An issue was discovered in Espressif ESP-IDF 2.x and 3.x before 3.0.6 and 3.1.x before 3.1.1. Insufficient validation of input data in the 2nd stage bootloader allows a physically proximate attacker to bypass secure boot checks and execute arbitrary code, by crafting an application binary that overwrites a bootloader code segment in process_segment in components/bootloader_support/src/esp_image_format.c. The attack is effective when the flash encryption feature is not enabled, or if the attacker finds a dif... • https://github.com/espressif/esp-idf/releases • CWE-20: Improper Input Validation