What is the CVSS score of CVE-2024-53406?

CVE-2024-53406 has a CVSS 3.1 base score of 8.8 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.1%.

Which versions of Esp Idf are affected by CVE-2024-53406?

Organizations using Espressif Esp idf v5.3.0 face significant risk from CVE-2024-53406, a IDOR vulnerability rated CVSS 8.8.

Is there a public PoC exploit available for CVE-2024-53406?

Yes, a public proof-of-concept exploit is available for CVE-2024-53406. Prioritise patching immediately. EPSS: 0.1%.

How to fix or mitigate CVE-2024-53406?

Within 7 days: Identify all affected systems and apply vendor patches promptly. Monitor vendor channels for patch availability.

Esp Idf CVE-2024-53406

HIGH

Authorization Bypass Through User-Controlled Key (CWE-639)

2025-03-13 cve@mitre.org

Authentication Bypass Esp Idf

8.8

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

8.8 HIGH

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 28, 2026 - 18:31 vuln.today

PoC Detected

Dec 31, 2025 - 01:04 vuln.today

Public exploit code

CVE Published

Mar 13, 2025 - 17:15 nvd

HIGH 8.8

DescriptionCVE.org

Espressif Esp idf v5.3.0 is vulnerable to Insecure Permissions resulting in Authentication bypass. In the reconnection phase, the device reuses the session key from a previous connection session, creating an opportunity for attackers to execute security bypass attacks.

AnalysisAI

Espressif Esp idf v5.3.0 is vulnerable to Insecure Permissions resulting in Authentication bypass. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-639. Espressif Esp idf v5.3.0 is vulnerable to Insecure Permissions resulting in Authentication bypass. In the reconnection phase, the device reuses the session key from a previous connection session, creating an opportunity for attackers to execute security bypass attacks. Affected products include: Espressif Esp-Idf.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

More from same product – last 7 days

CVE-2026-45328 HIGH This Week

8.8 Jun 10

Privilege escalation from REE to TEE in Espressif ESP-IDF 5.5.4 and 6.0 lets a low-privileged user-application caller ab

CVE-2026-45541 HIGH This Week

7.5 Jun 10

Remote denial-of-service in Espressif ESP-IDF's esp_http_server WebSocket handshake allows unauthenticated attackers to

CVE-2026-45542 HIGH This Week

7.1 Jun 10

Heap buffer overflow in Espressif ESP-IDF's protocomm component allows adjacent-network attackers to corrupt heap memory

CVE-2026-45160 MEDIUM This Month

6.5 Jun 10

Out-of-bounds read in ESP-IDF's embedded DHCP server crashes or exposes heap memory on ESP32 devices operating in SoftAP

CVE-2026-46532 MEDIUM This Month

4.6 Jun 10

Out-of-bounds read in ESP-IDF's BlueDroid AVRCP vendor-command parser allows adjacent Bluetooth attackers with low privi

CVE-2024-53406 vulnerability details – vuln.today

Back

Esp Idf CVE-2024-53406

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Technical ContextAI

RemediationAI

More from same product – last 7 days

Share

External POC / Exploit Code