CVE-2025-65822

Medium CVSS: 6.8

The ESP32 system on a chip (SoC) that powers the Meatmeet Pro was found to have JTAG enabled. By leaving JTAG enabled on an ESP32 in a commercial product an attacker with physical access to the device can connect over this port and reflash the device's firmware with malicious code which will be executed upon running. As a result, the victim will lose access to the functionality of their device and the attack may gain unauthorized access to the victim's Wi-Fi network by re-connecting to the SSID defined in the NVS partition of the device.

Vendor

Meatmeet

Product

Meatmeet Pro Wifi \& Bluetooth Meat Thermometer Firmware

CWE

CWE-1191

Yayın Tarihi

2025-12-10 21:16:07

Güncelleme

2026-01-21 19:08:19

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-1191 Meatmeet Pro Wifi \& Bluetooth Meat Thermometer Firmware MEDIUM Meatmeet 2025

Referanslar

https://gist.github.com/dead1nfluence/4dffc239b4a460f41a03345fd8e5feb5#file-jtag-enabled-md https://github.com/dead1nfluence/Meatmeet-Pro-Vulnerabilities/blob/main/Device/JTAG-Enabled.md

Benzer Kayıtlar

Medium

CVE-2025-65832

The mobile application insecurely handles information stored within memory. By performing a memory dump on the applicati…

Critical

CVE-2025-65823

The Meatmeet Pro was found to be shipped with hardcoded Wi-Fi credentials in the firmware, for the test network it was d…

High

CVE-2025-65824

An unauthenticated attacker within proximity of the Meatmeet device can perform an unauthorized Over The Air (OTA) firmw…

Medium

CVE-2025-65825

The firmware on the basestation of the Meatmeet is not encrypted. An adversary with physical access to the Meatmeet devi…

Critical

CVE-2025-65826

The mobile application was found to contain stored credentials for the network it was developed on. If an attacker retri…

Critical

CVE-2025-65827

The mobile application is configured to allow clear text traffic to all domains and communicates with an API server over…