CVE-2021-40154

NXP LPC55S69 devices before A3 have a buffer over-read via a crafted wlength value in a GET Descriptor Configuration request during use of USB In-System Programming (ISP) mode. This discloses protected flash memory.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.1 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
mitreCNA
6.1 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AC:L/AV:L/A:L/C:H/I:N/PR:L/S:U/UI:N
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 69%
VendorProductVersion
nxplpc55s69jbd100_firmware
-
nxplpc55s69jbd100_firmware
-
nxplpc55s69jbd64_firmware
-
nxplpc55s69jbd64_firmware
-
nxplpc55s69jev98_firmware
-
nxplpc55s69jev98_firmware
-
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/Xen1thLabs-AE/CVE-2021-40154
https://www.darkmatter.ae/xen1thlabs/published-advisories/
https://github.com/Xen1thLabs-AE/CVE-2021-40154
https://www.darkmatter.ae/xen1thlabs/published-advisories/