Search criteria
4 vulnerabilities found for keepkey_firmware by keepkey
CVE-2022-30330 (GCVE-0-2022-30330)
Vulnerability from nvd – Published: 2022-05-07 03:25 – Updated: 2024-08-03 06:48
Summary
In the KeepKey firmware before 7.3.2, flaws in the supervisor interface can be exploited to bypass important security restrictions on firmware operations. Using these flaws, malicious firmware code can elevate privileges, permanently make the device inoperable or overwrite the trusted bootloader code to compromise the hardware wallet across reboots or storage wipes.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
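| URL | Tags |
|---|---|
| https://github.com/keepkey/keepkey-firmware/releases/tag/v7.3.2 | x_refsource_MISC |
| https://github.com/keepkey/keepkey-firmware/commit/447c1f038a31378ab9589965c098467d9ea6cccc | x_refsource_MISC |
| https://blog.inhq.net/posts/keepkey-CVE-2022-30330/ | x_refsource_MISC |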
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:48:35.769Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/keepkey/keepkey-firmware/releases/tag/v7.3.2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/keepkey/keepkey-firmware/commit/447c1f038a31378ab9589965c098467d9ea6cccc"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.inhq.net/posts/keepkey-CVE-2022-30330/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the KeepKey firmware before 7.3.2,Flaws in the supervisor interface can be exploited to bypass important security restrictions on firmware operations. Using these flaws, malicious firmware code can elevate privileges, permanently make the device inoperable or overwrite the trusted bootloader code to compromise the hardware wallet across reboots or storage wipes."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-05T11:30:43.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/keepkey/keepkey-firmware/releases/tag/v7.3.2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/keepkey/keepkey-firmware/commit/447c1f038a31378ab9589965c098467d9ea6cccc"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.inhq.net/posts/keepkey-CVE-2022-30330/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-30330",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the KeepKey firmware before 7.3.2,Flaws in the supervisor interface can be exploited to bypass important security restrictions on firmware operations. Using these flaws, malicious firmware code can elevate privileges, permanently make the device inoperable or overwrite the trusted bootloader code to compromise the hardware wallet across reboots or storage wipes."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/keepkey/keepkey-firmware/releases/tag/v7.3.2",
"refsource": "MISC",
"url": "https://github.com/keepkey/keepkey-firmware/releases/tag/v7.3.2"
},
{
"name": "https://github.com/keepkey/keepkey-firmware/commit/447c1f038a31378ab9589965c098467d9ea6cccc",
"refsource": "MISC",
"url": "https://github.com/keepkey/keepkey-firmware/commit/447c1f038a31378ab9589965c098467d9ea6cccc"
},
{
"name": "https://blog.inhq.net/posts/keepkey-CVE-2022-30330/",
"refsource": "MISC",
"url": "https://blog.inhq.net/posts/keepkey-CVE-2022-30330/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-30330",
"datePublished": "2022-05-07T03:25:34.000Z",
"dateReserved": "2022-05-07T00:00:00.000Z",
"dateUpdated": "2024-08-03T06:48:35.769Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-18671 (GCVE-0-2019-18671)
Vulnerability from nvd – Published: 2019-12-06 17:53 – Updated: 2024-08-05 01:54
Summary
Insufficient checks in the USB packet handling of the ShapeShift KeepKey hardware wallet before firmware 6.2.2 allow out-of-bounds writes in the .bss segment via crafted messages. The vulnerability could allow code execution or other forms of impact. It can be triggered by unauthenticated attackers and the interface is reachable via WebUSB.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
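| URL | Tags |
|---|---|
| https://github.com/keepkey/keepkey-firmware/commit/b222c66cdd7c3203d917c80ba615082d309d80c3 | x_refsource_MISC |
| https://medium.com/shapeshift-stories/keepkey-release-notes-v-6f7d2ec78065 | x_refsource_MISC |
| https://medium.com/shapeshift-stories/shapeshift-security-update-8ec89bb1b4e3 | x_refsource_CONFIRM |
| https://blog.inhq.net/posts/keepkey-CVE-2019-18671/ | x_refsource_MISC |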
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:54:14.598Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/keepkey/keepkey-firmware/commit/b222c66cdd7c3203d917c80ba615082d309d80c3"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://medium.com/shapeshift-stories/keepkey-release-notes-v-6f7d2ec78065"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://medium.com/shapeshift-stories/shapeshift-security-update-8ec89bb1b4e3"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.inhq.net/posts/keepkey-CVE-2019-18671/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Insufficient checks in the USB packet handling of the ShapeShift KeepKey hardware wallet before firmware 6.2.2 allow out-of-bounds writes in the .bss segment via crafted messages. The vulnerability could allow code execution or other forms of impact. It can be triggered by unauthenticated attackers and the interface is reachable via WebUSB."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-12T02:53:19.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/keepkey/keepkey-firmware/commit/b222c66cdd7c3203d917c80ba615082d309d80c3"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://medium.com/shapeshift-stories/keepkey-release-notes-v-6f7d2ec78065"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://medium.com/shapeshift-stories/shapeshift-security-update-8ec89bb1b4e3"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.inhq.net/posts/keepkey-CVE-2019-18671/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-18671",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insufficient checks in the USB packet handling of the ShapeShift KeepKey hardware wallet before firmware 6.2.2 allow out-of-bounds writes in the .bss segment via crafted messages. The vulnerability could allow code execution or other forms of impact. It can be triggered by unauthenticated attackers and the interface is reachable via WebUSB."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/keepkey/keepkey-firmware/commit/b222c66cdd7c3203d917c80ba615082d309d80c3",
"refsource": "MISC",
"url": "https://github.com/keepkey/keepkey-firmware/commit/b222c66cdd7c3203d917c80ba615082d309d80c3"
},
{
"name": "https://medium.com/shapeshift-stories/keepkey-release-notes-v-6f7d2ec78065",
"refsource": "MISC",
"url": "https://medium.com/shapeshift-stories/keepkey-release-notes-v-6f7d2ec78065"
},
{
"name": "https://medium.com/shapeshift-stories/shapeshift-security-update-8ec89bb1b4e3",
"refsource": "CONFIRM",
"url": "https://medium.com/shapeshift-stories/shapeshift-security-update-8ec89bb1b4e3"
},
{
"name": "https://blog.inhq.net/posts/keepkey-CVE-2019-18671/",
"refsource": "MISC",
"url": "https://blog.inhq.net/posts/keepkey-CVE-2019-18671/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-18671",
"datePublished": "2019-12-06T17:53:29.000Z",
"dateReserved": "2019-11-02T00:00:00.000Z",
"dateUpdated": "2024-08-05T01:54:14.598Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-30330 (GCVE-0-2022-30330)
Vulnerability from cvelistv5 – Published: 2022-05-07 03:25 – Updated: 2024-08-03 06:48
Summary
In the KeepKey firmware before 7.3.2, flaws in the supervisor interface can be exploited to bypass important security restrictions on firmware operations. Using these flaws, malicious firmware code can elevate privileges, permanently make the device inoperable or overwrite the trusted bootloader code to compromise the hardware wallet across reboots or storage wipes.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
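| URL | Tags |
|---|---|
| https://github.com/keepkey/keepkey-firmware/releases/tag/v7.3.2 | x_refsource_MISC |
| https://github.com/keepkey/keepkey-firmware/commit/447c1f038a31378ab9589965c098467d9ea6cccc | x_refsource_MISC |
| https://blog.inhq.net/posts/keepkey-CVE-2022-30330/ | x_refsource_MISC |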
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:48:35.769Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/keepkey/keepkey-firmware/releases/tag/v7.3.2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/keepkey/keepkey-firmware/commit/447c1f038a31378ab9589965c098467d9ea6cccc"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.inhq.net/posts/keepkey-CVE-2022-30330/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the KeepKey firmware before 7.3.2,Flaws in the supervisor interface can be exploited to bypass important security restrictions on firmware operations. Using these flaws, malicious firmware code can elevate privileges, permanently make the device inoperable or overwrite the trusted bootloader code to compromise the hardware wallet across reboots or storage wipes."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-05T11:30:43.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/keepkey/keepkey-firmware/releases/tag/v7.3.2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/keepkey/keepkey-firmware/commit/447c1f038a31378ab9589965c098467d9ea6cccc"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.inhq.net/posts/keepkey-CVE-2022-30330/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-30330",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the KeepKey firmware before 7.3.2,Flaws in the supervisor interface can be exploited to bypass important security restrictions on firmware operations. Using these flaws, malicious firmware code can elevate privileges, permanently make the device inoperable or overwrite the trusted bootloader code to compromise the hardware wallet across reboots or storage wipes."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/keepkey/keepkey-firmware/releases/tag/v7.3.2",
"refsource": "MISC",
"url": "https://github.com/keepkey/keepkey-firmware/releases/tag/v7.3.2"
},
{
"name": "https://github.com/keepkey/keepkey-firmware/commit/447c1f038a31378ab9589965c098467d9ea6cccc",
"refsource": "MISC",
"url": "https://github.com/keepkey/keepkey-firmware/commit/447c1f038a31378ab9589965c098467d9ea6cccc"
},
{
"name": "https://blog.inhq.net/posts/keepkey-CVE-2022-30330/",
"refsource": "MISC",
"url": "https://blog.inhq.net/posts/keepkey-CVE-2022-30330/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-30330",
"datePublished": "2022-05-07T03:25:34.000Z",
"dateReserved": "2022-05-07T00:00:00.000Z",
"dateUpdated": "2024-08-03T06:48:35.769Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-18671 (GCVE-0-2019-18671)
Vulnerability from cvelistv5 – Published: 2019-12-06 17:53 – Updated: 2024-08-05 01:54
Summary
Insufficient checks in the USB packet handling of the ShapeShift KeepKey hardware wallet before firmware 6.2.2 allow out-of-bounds writes in the .bss segment via crafted messages. The vulnerability could allow code execution or other forms of impact. It can be triggered by unauthenticated attackers and the interface is reachable via WebUSB.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
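| URL | Tags |
|---|---|
| https://github.com/keepkey/keepkey-firmware/commit/b222c66cdd7c3203d917c80ba615082d309d80c3 | x_refsource_MISC |
| https://medium.com/shapeshift-stories/keepkey-release-notes-v-6f7d2ec78065 | x_refsource_MISC |
| https://medium.com/shapeshift-stories/shapeshift-security-update-8ec89bb1b4e3 | x_refsource_CONFIRM |
| https://blog.inhq.net/posts/keepkey-CVE-2019-18671/ | x_refsource_MISC |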
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:54:14.598Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/keepkey/keepkey-firmware/commit/b222c66cdd7c3203d917c80ba615082d309d80c3"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://medium.com/shapeshift-stories/keepkey-release-notes-v-6f7d2ec78065"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://medium.com/shapeshift-stories/shapeshift-security-update-8ec89bb1b4e3"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.inhq.net/posts/keepkey-CVE-2019-18671/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Insufficient checks in the USB packet handling of the ShapeShift KeepKey hardware wallet before firmware 6.2.2 allow out-of-bounds writes in the .bss segment via crafted messages. The vulnerability could allow code execution or other forms of impact. It can be triggered by unauthenticated attackers and the interface is reachable via WebUSB."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-12T02:53:19.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/keepkey/keepkey-firmware/commit/b222c66cdd7c3203d917c80ba615082d309d80c3"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://medium.com/shapeshift-stories/keepkey-release-notes-v-6f7d2ec78065"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://medium.com/shapeshift-stories/shapeshift-security-update-8ec89bb1b4e3"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.inhq.net/posts/keepkey-CVE-2019-18671/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-18671",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insufficient checks in the USB packet handling of the ShapeShift KeepKey hardware wallet before firmware 6.2.2 allow out-of-bounds writes in the .bss segment via crafted messages. The vulnerability could allow code execution or other forms of impact. It can be triggered by unauthenticated attackers and the interface is reachable via WebUSB."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/keepkey/keepkey-firmware/commit/b222c66cdd7c3203d917c80ba615082d309d80c3",
"refsource": "MISC",
"url": "https://github.com/keepkey/keepkey-firmware/commit/b222c66cdd7c3203d917c80ba615082d309d80c3"
},
{
"name": "https://medium.com/shapeshift-stories/keepkey-release-notes-v-6f7d2ec78065",
"refsource": "MISC",
"url": "https://medium.com/shapeshift-stories/keepkey-release-notes-v-6f7d2ec78065"
},
{
"name": "https://medium.com/shapeshift-stories/shapeshift-security-update-8ec89bb1b4e3",
"refsource": "CONFIRM",
"url": "https://medium.com/shapeshift-stories/shapeshift-security-update-8ec89bb1b4e3"
},
{
"name": "https://blog.inhq.net/posts/keepkey-CVE-2019-18671/",
"refsource": "MISC",
"url": "https://blog.inhq.net/posts/keepkey-CVE-2019-18671/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-18671",
"datePublished": "2019-12-06T17:53:29.000Z",
"dateReserved": "2019-11-02T00:00:00.000Z",
"dateUpdated": "2024-08-05T01:54:14.598Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}