CVE-2023-35818
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2023-35818
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
An issue was discovered on Espressif ESP32 3.0 (ESP32_rev300 ROM) devices. An EMFI attack on ECO3 provides the attacker with a capability to influence the PC value at the CPU context level, regardless of Secure Boot and Flash Encryption status. By using this capability, the attacker can exploit another behavior in the chip to gain unauthorized access to the ROM download mode. Access to ROM download mode may be further exploited to read the encrypted flash content in cleartext format or execute stub code.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Espressif ESP32 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Espressif ESP32是中国乐鑫信息科技(Espressif)公司的一款单片机微控制器。 Espressif ESP32 3.0 (ESP32_rev300 ROM)存在安全漏洞,该漏洞源于无论安全启动和闪存加密状态如何,对 ECO3 的 EMFI 攻击能够影响 CPU 上下文级别的 PC 值。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| - | n/a | n/a | - |
II. Public POCs for CVE-2023-35818
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2023-35818
请登录查看更多情报信息。
Same Patch Batch · n/a · 2023-07-17 · 25 CVEs total
| CVE-2023-38404 | 7.2 HIGH | Veritas Technologies Infoscale Operations Manager 代码问题漏洞 |
| CVE-2023-37781 | EMQ X 路径遍历漏洞 | |
| CVE-2023-38426 | Linux kernel 缓冲区错误漏洞 | |
| CVE-2023-38427 | Linux kernel 数字错误漏洞 | |
| CVE-2023-38428 | Linux kernel 缓冲区错误漏洞 | |
| CVE-2023-38429 | Linux kernel 安全漏洞 | |
| CVE-2023-38430 | Linux kernel 缓冲区错误漏洞 | |
| CVE-2023-38431 | Linux kernel 缓冲区错误漏洞 | |
| CVE-2023-38432 | Linux kernel 缓冲区错误漏洞 | |
| CVE-2023-38409 | Linux kernel 安全漏洞 | |
| CVE-2023-28864 | Progress Software Chef Infra Server 安全漏洞 | |
| CVE-2023-37769 | Pixman 数字错误漏洞 | |
| CVE-2023-37770 | Faust 缓冲区错误漏洞 | |
| CVE-2023-31853 | Cudy Technology LT400 跨站脚本漏洞 | |
| CVE-2021-37384 | Furukawa Electric 423-41W/AC 安全漏洞 | |
| CVE-2023-38403 | iperf3 输入验证错误漏洞 | |
| CVE-2023-38405 | Crestron 3-Series 安全漏洞 | |
| CVE-2022-30858 | ngiflib 资源管理错误漏洞 | |
| CVE-2023-37791 | D-Link DIR-619 缓冲区错误漏洞 | |
| CVE-2023-36656 | Jaeger UI 跨站脚本漏洞 |
Showing top 20 of 25 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
V. Comments for CVE-2023-35818
No comments yet