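Summary of 4 CVE vulnerabilities in the CWE-1234 weakness class, with AI-generated analysis in Chinese.
CWE-1234 is a hardware configuration-protection bypass weakness. An attacker typically waits until the device enters debug mode and then uses the privileges available in that state to bypass the lock mechanism set by firmware, modifying protected registers or address regions and compromising system integrity. Developers should avoid exposing configuration interfaces in debug mode, or force an unlock and re-validate the security policy before entering the debug state, so that critical configuration cannot be illegitimately tampered with at runtime.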
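In the following module, the lock on `Data_out` is overridden whenever `scan_mode` or `debug_unlocked` is asserted:

```verilog
module Locked_register_example
(
  input [15:0] Data_in,
  input Clk,
  input resetn,
  input write,
  input Lock,
  input scan_mode,
  input debug_unlocked,
  output reg [15:0] Data_out
);

reg lock_status;

// Lock bit: cleared by reset, set by Lock, otherwise held
always @(posedge Clk or negedge resetn)
  if (~resetn) // Register is reset by resetn
  begin
    lock_status <= 1'b0;
  end
  else if (Lock)
  begin
    lock_status <= 1'b1;
  end
  else if (~Lock)
  begin
    lock_status <= lock_status;
  end

always @(posedge Clk or negedge resetn)
  if (~resetn) // Register is reset by resetn
  begin
    Data_out <= 16'h0000;
  end
  else if (write & (~lock_status | scan_mode | debug_unlocked)) // Register protected by lock_status, but scan_mode and debug_unlocked override the lock
  begin
    Data_out <= Data_in;
  end

endmodule
```

Either remove the debug and scan mode overrides or protect enabling of these modes so that only trusted and authorized users may enable these modes....

In the next fragment, asserting `jtag_unlock` satisfies the reset condition and clears the register-lock memory `reglk_mem`:

```verilog
always @(posedge clk_i)
  begin
    if(~(rst_ni && ~jtag_unlock && ~rst_9))
      begin
        for (j=0; j < 6; j=j+1) begin
          reglk_mem[j] <= 'h0;
        end
      end
...
```

The second version of the fragment drops `jtag_unlock` from the reset condition:

```verilog
...
always @(posedge clk_i)
  begin
    if(~(rst_ni && ~rst_9))
      begin
        for (j=0; j < 6; j=j+1) begin
          reglk_mem[j] <= 'h0;
        end
      end
...
```

| CVE ID | Title | CVSS | Risk level | Published |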
|---|---|---|---|---|
| CVE-2025-33242 | NVIDIA B300 MCU security vulnerability — HGX and DGX B300 | 5.9 | Medium | 2026-03-24 |
| CVE-2025-59104 | Dormakaba Access Manager security vulnerability — Access Manager 92xx-k7 | 6.8 (AI) | Medium (AI) | 2026-01-26 |
| CVE-2023-44298 | Dell PowerEdge Server BIOS security vulnerability — PowerEdge BIOS | 3.6 | Low | 2023-12-05 |
| CVE-2023-44297 | Dell PowerEdge Server BIOS security vulnerability — PowerEdge BIOS | 7.1 | High | 2023-12-05 |

CWE-1234 is a common weakness class; this platform lists 4 CVE vulnerabilities associated with it.