
CVE-2025-53540 – CSRF Vulnerability in Firmware Update Endpoints Allows Remote Code Execution
https://notcve.org/view.php?id=CVE-2025-53540
07 Jul 2025 — arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. Several OTA update examples and the HTTPUpdateServer implementation are vulnerable to Cross-Site Request Forgery (CSRF). The update endpoints accept POST requests for firmware uploads without CSRF protection. This allows an attacker to upload and execute arbitrary firmware, resulting in remote code execution (RCE). This vulnerability is fixed in 3.2.1. • https://github.com/espressif/arduino-esp32/commit/f4fdecc60c465384e465a4b1d2bd1eac8f67912e • CWE-352: Cross-Site Request Forgery (CSRF) •

CVE-2025-53007 – arduino-esp32 vulnerable to CRLF injection in WebServer.cpp
https://notcve.org/view.php?id=CVE-2025-53007
26 Jun 2025 — arduino-esp32 provides an Arduino core for the ESP32. Versions prior to 3.3.0-RC1 and 3.2.1 contain an HTTP Response Splitting vulnerability. The `sendHeader` function takes arbitrary input for the HTTP header name and value, concatenates them into an HTTP header line, and appends this to the outgoing HTTP response headers. There is no validation or sanitization of the `name` or `value` parameters before they are included in the HTTP response. If an attacker can control the input to `sendHeader` (either dire... • https://github.com/espressif/arduino-esp32/security/advisories/GHSA-5476-9jjq-563m • CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') •

CVE-2025-52471 – ESP-NOW Integer Underflow Vulnerability Advisory
https://notcve.org/view.php?id=CVE-2025-52471
24 Jun 2025 — ESP-IDF is the Espressif Internet of Things (IoT) Development Framework. An integer underflow vulnerability has been identified in the ESP-NOW protocol implementation within the ESP Wi-Fi component of versions 5.4.1, 5.3.3, 5.2.5, and 5.1.6 of the ESP-IDF framework. This issue stems from insufficient validation of the user-supplied data length in the packet receive function. Under certain conditions, this may lead to out-of-bounds memory access and may allow arbitrary memory write operations. On systems without... • https://github.com/espressif/esp-idf/commit/b1a379d57430d265a53aca13d59ddfbf2e7ac409 • CWE-191: Integer Underflow (Wrap or Wraparound) •

CVE-2024-53406
https://notcve.org/view.php?id=CVE-2024-53406
13 Mar 2025 — Espressif ESP-IDF v5.3.0 is vulnerable to insecure permissions resulting in an authentication bypass. In the reconnection phase, the device reuses the session key from a previous connection session, creating an opportunity for attackers to execute security bypass attacks. • https://github.com/espressif/esp-idf • CWE-639: Authorization Bypass Through User-Controlled Key •

CVE-2025-27840
https://notcve.org/view.php?id=CVE-2025-27840
08 Mar 2025 — Espressif ESP32 chips allow 29 hidden HCI commands, such as 0xFC02 (Write memory). • https://github.com/em0gi/CVE-2025-27840 • CWE-912: Hidden Functionality •

CVE-2024-53845 – AES/CBC Constant IV Vulnerability in ESPTouch v2
https://notcve.org/view.php?id=CVE-2024-53845
11 Dec 2024 — ESPTouch is a connection protocol for internet of things devices. In the ESPTouchV2 protocol, while there is an option to use a custom AES key, there is no option to set the IV (Initialization Vector) prior to versions 5.3.2, 5.2.4, 5.1.6, and 5.0.8. The IV is set to zero and remains constant throughout the product's lifetime. In AES/CBC mode, if the IV is not properly initialized, the encrypted output becomes deterministic, leading to potential data leakage. To address the aforementioned issues, the applic... • https://github.com/EspressifApp/EsptouchForAndroid/tree/master/esptouch-v2 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm CWE-909: Missing Initialization of Resource •

CVE-2024-33453
https://notcve.org/view.php?id=CVE-2024-33453
17 Oct 2024 — Buffer overflow vulnerability in esp-idf v5.1 allows a remote attacker to obtain sensitive information via the externalId component. • https://github.com/Ant1sec-ops/CVE-2024-33453 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVE-2024-42483 – ESP-NOW Replay Attacks Vulnerability
https://notcve.org/view.php?id=CVE-2024-42483
12 Sep 2024 — The ESP-NOW component provides a connectionless Wi-Fi communication protocol. A replay attack vulnerability was discovered in the implementation of ESP-NOW because the cache is not differentiated by message type: it is a single, shared resource for all kinds of messages, whether broadcast or unicast, and regardless of whether they are ciphertext or plaintext. This can allow an attacker to clear the cache of its legitimate entries, thereby creating an opportunity to re-inject previously captur... • https://github.com/espressif/esp-now/commit/4e30db50d541b2909d278ef0db05de1a3d7190ef • CWE-349: Acceptance of Extraneous Untrusted Data With Trusted Data •

CVE-2024-42484 – ESP-NOW OOB Vulnerability In Group Type Message
https://notcve.org/view.php?id=CVE-2024-42484
12 Sep 2024 — The ESP-NOW component provides a connectionless Wi-Fi communication protocol. An Out-of-Bounds (OOB) vulnerability was discovered in the implementation of the ESP-NOW group type message because there is no check for the addrs_num field of the group type message. This can result in memory corruption related attacks. Normally there are two fields in the group information that need to be checked, i.e., the addrs_num field and the addrs_list field. Since we only checked the addrs_list field, an attacker can send a ... • https://github.com/espressif/esp-now/commit/b03a1b4593713fa4bf0038a87edca01f10114a7a • CWE-125: Out-of-bounds Read •

CVE-2024-28183 – Anti Rollback bypass with physical access and TOCTOU attack
https://notcve.org/view.php?id=CVE-2024-28183
25 Mar 2024 — ESP-IDF is the development framework for Espressif SoCs supported on Windows, Linux and macOS. A Time-of-Check to Time-of-Use (TOCTOU) vulnerability was discovered in the implementation of the ESP-IDF bootloader which could allow an attacker with physical access to the device's flash to bypass anti-rollback protection. Anti-rollback prevents rollback to an application whose security version is lower than the one programmed in the chip's eFuse. This attack can allow booting a past (passive) application partition having low... • https://github.com/espressif/esp-idf/commit/3305cb4d235182067936f8e940e6db174e25b4b2 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •