Browse all 3 CVE security advisories affecting Lamassu. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Lamassu is an open-source Bitcoin ATM software that enables operators to deploy cryptocurrency kiosks for buying and selling digital assets. Historically, it has been susceptible to remote code execution, cross-site scripting, and privilege escalation vulnerabilities, often stemming from improper input validation and authentication flaws. The software's security characteristics include its reliance on hardened Linux systems and network isolation, though past incidents have demonstrated that misconfigurations and unpatched components can lead to complete compromise of ATM operations. With three CVEs documented, the project continues to address security challenges while maintaining its core function in the cryptocurrency ecosystem.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-0676 | Weak password requirement vulnerability in Lamassu Bitcoin ATM Douro machines — Bitcoin ATM Douro machinesCWE-521 | 5.6 | Medium | 2024-01-30 |
| CVE-2024-0675 | Improper checking for unusual or exceptional conditions vulnerability in Lamassu Bitcoin ATM Douro machines — Bitcoin ATM Douro machinesCWE-754 | 6.3 | Medium | 2024-01-30 |
| CVE-2024-0674 | Privilege escalation vulnerability in Lamassu Bitcoin ATM Douro machines — Bitcoin ATM Douro machinesCWE-269 | 6.3 | Medium | 2024-01-30 |
This page lists every published CVE security advisory associated with Lamassu. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.