
CWE-1242 vulnerability list (13)

Summary of the 13 CVE vulnerabilities associated with the CWE-1242 weakness class, with AI-generated Chinese analysis.

CWE-1242 refers to a device that contains undocumented features or "chicken bits"; such hidden features can become entry points for unauthorized access. Attackers commonly use these undocumented bits to disable security features and thereby bypass protection mechanisms. Developers should avoid leaving such undocumented features in firmware or hardware and should ensure that every feature is explicitly documented and has passed strict security review, so that the potential attack surface is eliminated and the overall security of the system is improved.

MITRE CWE official description

CWE: CWE-1242 Inclusion of Undocumented Features or Chicken Bits. Description: the device includes chicken bits or undocumented features that can create entry points for unauthorized actors. A common design practice is to use undocumented bits on a device that can be used to disable certain functional security features. These bits are commonly referred to as "chicken bits". They help to quickly identify and isolate faulty components, features that negatively affect performance, or features that do not provide the controllability required for debug and test. Another way to achieve the same goal is to implement undocumented features.
Common consequences (1)

Scope: Confidentiality, Integrity, Availability, Access Control. Impact: Modify Memory, Read Memory, Execute Unauthorized Code or Commands, Gain Privileges or Assume Identity, Bypass Protection Mechanism.
An attacker might exploit these interfaces for unauthorized access.
Mitigations (1)

Phase: Architecture and Design, Implementation. The implementation of chicken bits in a released product is highly discouraged. If implemented at all, ensure that they are disabled in production devices. All interfaces to a device should be documented.
Effectiveness: High
Code example (1)

Consider a device that comes with various security measures, such as secure boot. The secure-boot process performs firmware-integrity verification at boot time, and this code is stored in a separate SPI-flash device. However, this code contains undocumented "special access features" intended to be used only for performing failure analysis and intended to only be unlocked by the device designer.
Attackers dump the code from the device and then perform reverse engineering to analyze the code. The undocumented, special-access features are identified, and attackers can activate them by sending specific commands via UART before the secure-boot phase completes. Using these hidden features, attackers can perform reads and writes to memory via the UART interface. At runtime, the attackers can also execute arbitrary code and dump the entire memory contents.
Nature: Bad · Language: Other
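The mitigation above says that any chicken bits must be disabled in production devices. The following C model is an added example written for this page; it is not code from MITRE, from the CWE entry, or from any of the listed products. The register names (CTRL_SKIP_FW_VERIFY, CTRL_UART_MEM_RW), the lifecycle fuse and the device_t struct are all hypothetical and constructed for illustration. It contrasts a weak boot ROM, which honours every control bit unconditionally, with a hardened one that gates the bits on a one-time-programmable lifecycle fuse and clears any bit that is not permitted in the current lifecycle before the secure-boot decision is made, returning a count that the boot log can record as an audit event.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical control-register layout, constructed for this example
   (not a real device). Bit 7 and bit 9 are the "chicken bits" the
   CWE-1242 description warns about. */
#define CTRL_DEBUG_UNLOCK   (1u << 0)  /* documented debug unlock           */
#define CTRL_SKIP_FW_VERIFY (1u << 7)  /* undocumented: skips image verification */
#define CTRL_UART_MEM_RW    (1u << 9)  /* undocumented: memory read/write over UART */

/* Hypothetical one-time-programmable lifecycle states. */
#define LIFECYCLE_DEV  0x01u
#define LIFECYCLE_PROD 0x02u

typedef struct {
    uint32_t lifecycle_fuse;  /* burned once at manufacturing, never writable again */
    uint32_t ctrl;            /* writable control register */
} device_t;

/* Weak design: the boot ROM honours the chicken bit regardless of lifecycle.
   Anyone who can set the bit (e.g. over UART before boot finishes) bypasses
   firmware verification entirely. */
bool weak_verify_firmware(const device_t *dev, bool image_ok) {
    if (dev->ctrl & CTRL_SKIP_FW_VERIFY) {
        return true;
    }
    return image_ok;
}

/* Hardened design: the set of control bits allowed in each lifecycle state.
   In production nothing undocumented is honoured at all. */
static uint32_t allowed_ctrl_mask(uint32_t lifecycle) {
    switch (lifecycle) {
    case LIFECYCLE_DEV:
        return CTRL_DEBUG_UNLOCK | CTRL_SKIP_FW_VERIFY | CTRL_UART_MEM_RW;
    case LIFECYCLE_PROD:
    default:
        return 0;
    }
}

/* Boot-time sanitiser: clear every bit the lifecycle does not permit.
   Returns how many stray bits were cleared so the caller can log an
   audit event (a non-zero count on a production unit is worth alerting on). */
unsigned sanitize_ctrl(device_t *dev) {
    uint32_t allowed = allowed_ctrl_mask(dev->lifecycle_fuse);
    uint32_t stray = dev->ctrl & ~allowed;
    unsigned count = 0;
    dev->ctrl &= allowed;
    for (uint32_t b = stray; b != 0; b &= b - 1) {
        count++;  /* Kernighan popcount of the cleared bits */
    }
    return count;
}

/* Hardened secure-boot decision: sanitise first, then decide. The skip
   bit can only survive sanitisation on a DEV-fused part. */
bool hardened_verify_firmware(device_t *dev, bool image_ok) {
    sanitize_ctrl(dev);
    if (dev->ctrl & CTRL_SKIP_FW_VERIFY) {
        return true;
    }
    return image_ok;
}

/* Hardened gate for the UART memory-access feature: same rule. */
bool hardened_uart_mem_access_allowed(device_t *dev) {
    sanitize_ctrl(dev);
    return (dev->ctrl & CTRL_UART_MEM_RW) != 0;
}

int main(void) {
    /* Constructed scenario: a production-fused unit whose control register
       has had both chicken bits set before boot completed. */
    device_t prod = { LIFECYCLE_PROD, CTRL_SKIP_FW_VERIFY | CTRL_UART_MEM_RW };

    printf("weak boot accepts a bad image:     %d\n", weak_verify_firmware(&prod, false));
    printf("hardened boot accepts a bad image: %d\n", hardened_verify_firmware(&prod, false));
    printf("UART memory access on prod unit:   %d\n", hardened_uart_mem_access_allowed(&prod));
    return 0;
}
```

The design point is that the bits are not merely "not documented"; on a production-fused part they are masked out before any security decision reads the register, and the masking itself produces an auditable signal. A development-fused part keeps the bits for failure analysis, which is the legitimate use the CWE text describes.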
| CVE ID | Title | Product | CVSS | Risk level | Published |
|---|---|---|---|---|---|
| CVE-2023-3634 | Festo MSE6 security vulnerability | MSE6-C2M-5000-FB36-D-M-RG-BAR-M12L4-AGD | 8.8 | High | 2026-04-16 |
| CVE-2025-41756 | MBS multiple products security vulnerability | UBR-01 Mk II | 8.1 | High | 2026-03-09 |
| CVE-2025-41754 | MBS multiple products security vulnerability | UBR-01 Mk II | 6.5 | Medium | 2026-03-09 |
| CVE-2026-24714 | NETGEAR PR2000 security vulnerability | NETGEAR products | 7.1 (AI) | High (AI) | 2026-01-30 |
| CVE-2025-12176 | Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 security vulnerability | BLU-IC2 | 9.8 | - | 2025-10-24 |
| CVE-2017-20204 | DBLTek GoIP security vulnerability | GoIP | 9.8 (AI) | Critical (AI) | 2025-10-15 |
| CVE-2025-55050 | Baicells multiple products security vulnerability | NOVA430e/430i, NOVA436Q, NEUTRINO430, NOVA846 | 9.8 | Critical | 2025-09-09 |
| CVE-2025-52548 | Copeland E3 Supervisory Control security vulnerability | E3 Supervisory Control | 7.2 (AI) | High (AI) | 2025-09-02 |
| CVE-2025-22450 | I-O Data Device UD-LT2 security vulnerability | UD-LT2 | 5.3 | - | 2025-01-22 |
| CVE-2024-54457 | FXC AE1021 and FXC AE1021PE security vulnerability | AE1021 | 7.2 | High | 2024-12-18 |
| CVE-2024-52564 | I-O Data Device UD-LT1 and UD-LT1/EX security vulnerability | UD-LT1 | 9.8 | - | 2024-12-05 |
| CVE-2024-7011 | Sharp NEC Projectors security vulnerability | NP-CB4500UL | 8.1 (AI) | High (AI) | 2024-09-27 |
| CVE-2024-2103 | Schweitzer Engineering Laboratories multiple products security vulnerability | SEL-700BT Motor Bus Transfer Relay | 6.5 | Medium | 2024-04-04 |

Values marked "(AI)" carried an "AI" tag on the original page, indicating a score or rating produced by the platform's AI analysis rather than a published one; "-" means no risk level was listed.

CWE-1242 is a common weakness category; this platform has collected the 13 CVE vulnerabilities associated with it.