Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-1282 — Vulnerability Class 8

8 vulnerabilities classified as CWE-1282. AI Chinese analysis included.

CWE-1282 represents a critical configuration weakness where data intended to remain immutable, such as bootloader code or cryptographic keys, is stored in writable memory regions. This vulnerability allows attackers to exploit the system by modifying these critical assets in the field, thereby bypassing security mechanisms like secure boot, code authentication, and device attestation. By altering the first-stage bootloader or golden hash digests, an adversary can inject malicious code or disable integrity checks, leading to full system compromise. To prevent this, developers must enforce strict memory protection policies, ensuring that sensitive, read-only data is stored in non-writable storage areas like ROM or read-only memory partitions. Additionally, implementing hardware-enforced access controls and regular integrity verification processes helps maintain the immutability of essential security assets, preserving the trust foundation of the device.

MITRE CWE Description
Immutable data, such as a first-stage bootloader, device identifiers, and "write-once" configuration settings are stored in writable memory that can be re-programmed or updated in the field. Security services such as secure boot, authentication of code and data, and device attestation all require assets such as the first stage bootloader, public keys, golden hash digests, etc. which are implicitly trusted. Storing these assets in read-only memory (ROM), fuses, or one-time programmable (OTP) memory provides strong integrity guarantees and provides a root of trust for securing the rest of the system. Security is lost if assets assumed to be immutable can be modified.
Common Consequences (1)
IntegrityVaries by Context
Mitigations (1)
ImplementationAll immutable code or data should be programmed into ROM or write-once memory.
Examples (1)
Cryptographic hash functions are commonly used to create unique fixed-length digests used to ensure the integrity of code and keys. A golden digest is stored on the device and compared to the digest computed from the data to be verified. If the digests match, the data has not been maliciously modified. If an attacker can modify the golden digest they then have the ability to store arbitrary data t…
CVE IDTitleCVSSSeverityPublished
CVE-2018-25229 BulletProof FTP Server 2019.0.0.50 Denial of Service via SMTP — BulletProof FTP Server 5.5 Medium2026-03-30
CVE-2019-25590 Axessh 4.2 Denial of Service via Log File Name — Axessh 6.2 Medium2026-03-22
CVE-2019-25588 BulletProof FTP Server 2019.0.0.50 Denial of Service via DNS Address — BulletProof FTP Server 6.2 Medium2026-03-22
CVE-2019-25587 BulletProof FTP Server 2019.0.0.50 Storage-Path Denial of Service — BulletProof FTP Server 6.2 Medium2026-03-22
CVE-2019-25583 RarmaRadio 2.72.3 Username Field Denial of Service — RarmaRadio 6.2 Medium2026-03-22
CVE-2019-25551 Sandboxie 5.30 Denial of Service via Program Alerts Buffer Overflow — Sandboxie 6.2 Medium2026-03-21
CVE-2019-25358 FileOptimizer 14.00.2524 - Denial of Service — FileOptimizer 7.5 High2026-02-18
CVE-2022-2483 Nokia ASIK AirScale 5G Common System Module 安全漏洞 — ASIK AirScale 8.4 High2023-01-06

Vulnerabilities classified as CWE-1282 represent 8 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.