CVE-2022-30330

In the KeepKey firmware before 7.3.2,Flaws in the supervisor interface can be exploited to bypass important security restrictions on firmware operations. Using these flaws, malicious firmware code can elevate privileges, permanently make the device inoperable or overwrite the trusted bootloader code to compromise the hardware wallet across reboots or storage wipes.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.6 MEDIUM
PHYSICAL
LOW
NONE
CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 22%
VendorProductVersion
keepkeykeepkey_firmware
𝑥
< 7.3.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://blog.inhq.net/posts/keepkey-CVE-2022-30330/
https://github.com/keepkey/keepkey-firmware/commit/447c1f038a31378ab9589965c098467d9ea6cccc
https://github.com/keepkey/keepkey-firmware/releases/tag/v7.3.2
https://blog.inhq.net/posts/keepkey-CVE-2022-30330/
https://github.com/keepkey/keepkey-firmware/commit/447c1f038a31378ab9589965c098467d9ea6cccc
https://github.com/keepkey/keepkey-firmware/releases/tag/v7.3.2