CVE-2024-53406

High CVSS: 8.8

Espressif Esp idf v5.3.0 is vulnerable to Insecure Permissions resulting in Authentication bypass. In the reconnection phase, the device reuses the session key from a previous connection session, creating an opportunity for attackers to execute security bypass attacks.

Vendor

Espressif

Product

Esp-idf

CWE

CWE-639

Yayın Tarihi

2025-03-13 17:15:33

Güncelleme

2025-12-31 01:04:08

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-639 Esp-idf HIGH Espressif 2025

Referanslar

https://github.com/espressif/esp-idf https://github.com/yangting111/BLE_TEST/blob/main/result/PoC/Esp/sk_reuse.md

Benzer Kayıtlar

Medium

CVE-2026-25507

ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.5.2, 5.4.3, 5.3.4, 5.2.6, and 5.1…

Medium

CVE-2026-25508

ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.5.2, 5.4.3, 5.3.4, 5.2.6, and 5.1…

Medium

CVE-2026-25532

ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.5.2, 5.4.3, 5.3.4, 5.2.6, and 5.1…

Medium

CVE-2025-68656

Espressif ESP-IDF USB Host HID (Human Interface Device) Driver allows access to HID devices. Prior to 1.1.0, usb_class_r…

Medium

CVE-2025-68657

Espressif ESP-IDF USB Host HID (Human Interface Device) Driver allows access to HID devices. Prior to 1.1.0, calls to hi…

Medium

CVE-2025-68622

Espressif ESP-IDF USB Host UVC Class Driver allows video streaming from USB cameras. Prior to 2.4.0, a vulnerability in…