← voltar
CVE-2017-18347

CVE-2017-18347

EPSS 0.4%
Incorrect access control in RDP Level 1 on STMicroelectronics STM32F0 series devices allows physically present attackers to extract the device's protected firmware via a special sequence of Serial Wire Debug (SWD) commands because there is a race condition between full initialization of the SWD interface and the setup of flash protection.
Produtos afetados
n/a · n/a

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://community.st.com/s/question/0D50X00009Xke7aSAB/readout-protection-cracked-on-stm32https://www.aisec.fraunhofer.de/en/FirmwareProtection.htmlhttps://www.usenix.org/conference/woot17/workshop-program/presentation/obermaier