CVSS: 10.0EPSS: 18%CPEs: 1EXPL: 0CVE-2023-47415
https://notcve.org/view.php?id=CVE-2023-47415
07 Mar 2024 — Cypress Solutions CTM-200 v2.7.1.5600 and below was discovered to contain an OS command injection vulnerability via the cli_text parameter. Se descubrió que Cypress Solutions CTM-200 v2.7.1.5600 y versiones anteriores contenían una vulnerabilidad de inyección de comandos del sistema operativo a través del parámetro cli_text. • http://ctm-200.com • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2021-34145 – BRAKTOOTH: Causing Havoc on Bluetooth Link Manager
https://notcve.org/view.php?id=CVE-2021-34145
03 Sep 2021 — The Bluetooth Classic implementation in the Cypress WICED BT stack through 2.9.0 for CYW20735B1 devices does not properly handle the reception of LMP_max_slot with an invalid Baseband packet type (and LT_ADDRESS and LT_ADDR) after completion of the LMP setup procedure, allowing attackers in radio range to trigger a denial of service (firmware crash) via a crafted LMP packet. Una implementación de Bluetooth Classic en la pila WICED BT de Cypress versiones hasta 2.9.0, para los dispositivos CYW20735B1 no mane... • https://dl.packetstormsecurity.net/papers/general/braktooth.pdf •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-34146 – BRAKTOOTH: Causing Havoc on Bluetooth Link Manager
https://notcve.org/view.php?id=CVE-2021-34146
03 Sep 2021 — The Bluetooth Classic implementation in the Cypress CYW920735Q60EVB does not properly handle the reception of continuous unsolicited LMP responses, allowing attackers in radio range to trigger a denial of service and restart (crash) of the device by flooding it with LMP_AU_Rand packets after the paging procedure. Una implementación de Bluetooth Classic en el Cypress CYW920735Q60EVB no maneja apropiadamente la recepción de respuestas LMP continuas no solicitadas, permitiendo a atacantes en el rango de radio ... • https://dl.packetstormsecurity.net/papers/general/braktooth.pdf •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-34147 – BRAKTOOTH: Causing Havoc on Bluetooth Link Manager
https://notcve.org/view.php?id=CVE-2021-34147
03 Sep 2021 — The Bluetooth Classic implementation in the Cypress WICED BT stack through 2.9.0 for CYW20735B1 does not properly handle the reception of a malformed LMP timing accuracy response followed by multiple reconnections to the link slave, allowing attackers to exhaust device BT resources and eventually trigger a crash via multiple attempts of sending a crafted LMP timing accuracy response followed by a sudden reconnection with a random BDAddress. Una implementación de Bluetooth Classic en la pila BT de Cypress WI... • https://dl.packetstormsecurity.net/papers/general/braktooth.pdf •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-34148 – BRAKTOOTH: Causing Havoc on Bluetooth Link Manager
https://notcve.org/view.php?id=CVE-2021-34148
03 Sep 2021 — The Bluetooth Classic implementation in the Cypress WICED BT stack through 2.9.0 for CYW20735B1 devices does not properly handle the reception of LMP_max_slot with a greater ACL Length after completion of the LMP setup procedure, allowing attackers in radio range to trigger a denial of service (firmware crash) via a crafted LMP packet. Una implementación de Bluetooth Classic en la pila WICED BT de Cypress versiones hasta 2.9.0 para los dispositivos CYW20735B1, no maneja apropiadamente la recepción de LMP_ma... • https://dl.packetstormsecurity.net/papers/general/braktooth.pdf •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2019-18614
https://notcve.org/view.php?id=CVE-2019-18614
16 Jun 2020 — On the Cypress CYW20735 evaluation board, any data that exceeds 384 bytes is copied and causes an overflow. This is because the maximum BLOC buffer size for sending and receiving data is set to 384 bytes, but everything else is still configured to the usual size of 1092 (which was used for everything in the previous CYW20719 and later CYW20819 evaluation board). To trigger the overflow, an attacker can either send packets over the air or as unprivileged local user. Over the air, the minimal PoC is sending "... • https://github.com/seemoo-lab/frankenstein/blob/master/doc/CVE_2019_18614.md • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-11957
https://notcve.org/view.php?id=CVE-2020-11957
09 Jun 2020 — The Bluetooth Low Energy implementation in Cypress PSoC Creator BLE 4.2 component versions before 3.64 generates a random number (Pairing Random) with significantly less entropy than the specified 128 bits during BLE pairing. This is the case for both authenticated and unauthenticated pairing with both LE Secure Connections as well as LE Legacy Pairing. A predictable or brute-forceable random number allows an attacker (in radio range) to perform a MITM attack during BLE pairing. La implementación de Bluetoo... • https://www.cypress.com/file/504466/download • CWE-331: Insufficient Entropy •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 1CVE-2019-13916
https://notcve.org/view.php?id=CVE-2019-13916
13 Apr 2020 — An issue was discovered in Cypress (formerly Broadcom) WICED Studio 6.2 CYW20735B1 and CYW20819A1. As a Bluetooth Low Energy (BLE) packet is received, it is copied into a Heap (ThreadX Block) buffer. The buffer allocated in dhmulp_getRxBuffer is four bytes too small to hold the maximum of 255 bytes plus headers. It is possible to corrupt a pointer in the linked list holding the free buffers of the g_mm_BLEDeviceToHostPool Block pool. This pointer can be fully controlled by overflowing with 3 bytes of packet... • https://community.cypress.com/thread/53681 • CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 2CVE-2019-16336
https://notcve.org/view.php?id=CVE-2019-16336
12 Feb 2020 — The Bluetooth Low Energy implementation in Cypress PSoC 4 BLE component 3.61 and earlier processes data channel frames with a payload length larger than the configured link layer maximum RX payload size, which allows attackers (in radio range) to cause a denial of service (crash) via a crafted BLE Link Layer frame. La implementación de Bluetooth Low Energy en el plugin Cypress PSoC 4 BLE versiones 3.61 y anteriores, procesa tramas de canal de datos con una longitud de carga útil mayor que el tamaño de carga... • https://asset-group.github.io/disclosures/sweyntooth • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2019-17061
https://notcve.org/view.php?id=CVE-2019-17061
10 Feb 2020 — The Bluetooth Low Energy (BLE) stack implementation on Cypress PSoC 4 through 3.62 devices does not properly restrict the BLE Link Layer header and executes certain memory contents upon receiving a packet with a Link Layer ID (LLID) equal to zero. This allows attackers within radio range to cause deadlocks, cause anomalous behavior in the BLE state machine, or trigger a buffer overflow via a crafted BLE Link Layer frame. La implementación de la pila de Bluetooth Low Energy (BLE) en dispositivos Cypress PSoC... • https://asset-group.github.io/disclosures/sweyntooth • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •