Skip to main content

CWE-1191

On-Chip Debug and Test Interface With Improper Access Control

14 CVEs Avg CVSS 6.4 MITRE
1
CRITICAL
2
HIGH
8
MEDIUM
1
LOW
2
POC
0
KEV

Monthly

CVE-2025-52533 Monitor

Improper Access Control in an on-chip debug interface could allow a privileged attacker to enable a debug interface and potentially compromise data confidentiality or integrity.

Authentication Bypass
NVD
EPSS
0.0%
CVE-2024-36319 Monitor

Debug code left active in AMD's Video Decoder Engine Firmware (VCN FW) could allow a attacker to submit a maliciously crafted command causing the VCN FW to perform read/writes HW registers, potentially impacting confidentiality, integrity and availabilability of the system.

Information Disclosure
NVD
EPSS
0.0%
CVE-2025-15083 LOW POC Monitor

UART interface debug and test access control bypass in TOZED ZLT M30s firmware versions up to 1.47 allows physical attackers to access on-chip debug interfaces with improper authentication, leading to information disclosure and potential system manipulation. Exploitation requires direct physical device access and is difficult to execute, but publicly available exploit code exists and the vendor has not responded to disclosure. With an EPSS score of 0.03% and CVSS 0.3, real-world risk is minimal despite public POC availability.

Information Disclosure Zlt M30S Firmware
NVD VulDB
CVSS 4.0
0.3
EPSS
0.0%
CVE-2025-9709 HIGH This Month

On-Chip Debug and Test Interface With Improper Access Control and Improper Protection against Electromagnetic Fault Injection (EM-FI) in Nordic Semiconductor nRF52810 allow attacker to perform EM. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
8.6
EPSS
0.0%
CVE-2025-7213 MEDIUM This Month

A security vulnerability in FNKvision FNK-GU2 (CVSS 6.4). Remediation should follow standard vulnerability management procedures.

Information Disclosure
NVD VulDB
CVSS 4.0
4.5
EPSS
0.0%
CVE-2025-47822 MEDIUM This Month

CVE-2025-47822 is a security vulnerability (CVSS 6.4). Remediation should follow standard vulnerability management procedures.

Information Disclosure License Plate Reader Firmware
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-47819 MEDIUM PATCH This Month

CVE-2025-47819 is a security vulnerability (CVSS 6.4). Remediation should follow standard vulnerability management procedures.

Information Disclosure Gunshot Detection Firmware
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-48468 MEDIUM This Month

A security vulnerability in Successful exploitation of the vulnerability could allow an attacker that (CVSS 6.4) that allows an attacker that has physical access. Remediation should follow standard vulnerability management procedures.

Code Injection Wise 4010lan Firmware Wise 4060lan Firmware Wise 4050lan Firmware
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-26409 MEDIUM This Month

A serial interface can be accessed with physical access to the PCB of Wattsense Bridge devices. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
6.8
EPSS
0.1%
CVE-2025-26408 MEDIUM This Month

The JTAG interface of Wattsense Bridge devices can be accessed with physical access to the PCB. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
6.1
EPSS
0.1%
EPSS 0%
Monitor

Improper Access Control in an on-chip debug interface could allow a privileged attacker to enable a debug interface and potentially compromise data confidentiality or integrity.

Authentication Bypass
NVD
EPSS 0%
Monitor

Debug code left active in AMD's Video Decoder Engine Firmware (VCN FW) could allow a attacker to submit a maliciously crafted command causing the VCN FW to perform read/writes HW registers, potentially impacting confidentiality, integrity and availabilability of the system.

Information Disclosure
NVD
EPSS 0% CVSS 0.3
LOW POC Monitor

UART interface debug and test access control bypass in TOZED ZLT M30s firmware versions up to 1.47 allows physical attackers to access on-chip debug interfaces with improper authentication, leading to information disclosure and potential system manipulation. Exploitation requires direct physical device access and is difficult to execute, but publicly available exploit code exists and the vendor has not responded to disclosure. With an EPSS score of 0.03% and CVSS 0.3, real-world risk is minimal despite public POC availability.

Information Disclosure Zlt M30S Firmware
NVD VulDB
EPSS 0% CVSS 8.6
HIGH This Month

On-Chip Debug and Test Interface With Improper Access Control and Improper Protection against Electromagnetic Fault Injection (EM-FI) in Nordic Semiconductor nRF52810 allow attacker to perform EM. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
EPSS 0% CVSS 4.5
MEDIUM This Month

A security vulnerability in FNKvision FNK-GU2 (CVSS 6.4). Remediation should follow standard vulnerability management procedures.

Information Disclosure
NVD VulDB
EPSS 0% CVSS 6.4
MEDIUM This Month

CVE-2025-47822 is a security vulnerability (CVSS 6.4). Remediation should follow standard vulnerability management procedures.

Information Disclosure License Plate Reader Firmware
NVD
EPSS 0% CVSS 6.4
MEDIUM PATCH This Month

CVE-2025-47819 is a security vulnerability (CVSS 6.4). Remediation should follow standard vulnerability management procedures.

Information Disclosure Gunshot Detection Firmware
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

A security vulnerability in Successful exploitation of the vulnerability could allow an attacker that (CVSS 6.4) that allows an attacker that has physical access. Remediation should follow standard vulnerability management procedures.

Code Injection Wise 4010lan Firmware Wise 4060lan Firmware +1
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

A serial interface can be accessed with physical access to the PCB of Wattsense Bridge devices. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

The JTAG interface of Wattsense Bridge devices can be accessed with physical access to the PCB. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy