Skip to main content

Keepkey Firmware

7 CVEs product

Monthly

CVE-2023-27892 MEDIUM POC PATCH This Month

Insufficient length checks in the ShapeShift KeepKey hardware wallet firmware before 7.7.0 allow a global buffer overflow via crafted messages. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required. Public exploit code available.

Buffer Overflow Information Disclosure Keepkey Firmware
NVD GitHub
CVSS 3.1
5.7
EPSS
0.5%
CVE-2022-30330 MEDIUM POC PATCH This Month

In the KeepKey firmware before 7.3.2,Flaws in the supervisor interface can be exploited to bypass important security restrictions on firmware operations. Rated medium severity (CVSS 6.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Keepkey Firmware
NVD GitHub
CVSS 3.1
6.6
EPSS
0.5%
CVE-2021-31616 HIGH POC PATCH This Week

Insufficient length checks in the ShapeShift KeepKey hardware wallet firmware before 7.1.0 allow a stack buffer overflow via crafted messages. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow RCE Memory Corruption Keepkey Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
2.5%
CVE-2019-18672 HIGH PATCH This Week

Insufficient checks in the finite state machine of the ShapeShift KeepKey hardware wallet before firmware 6.2.2 allow a partial reset of cryptographic secrets to known values via crafted messages. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Keepkey Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2019-18671 CRITICAL PATCH Act Now

Insufficient checks in the USB packet handling of the ShapeShift KeepKey hardware wallet before firmware 6.2.2 allow out-of-bounds writes in the .bss segment via crafted messages. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow RCE Memory Corruption Keepkey Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
3.3%
CVE-2019-14355 LOW Monitor

On ShapeShift KeepKey devices, a side channel for the row-based OLED display was found. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Keepkey Firmware
NVD
CVSS 3.0
2.4
EPSS
0.3%
CVE-2018-6875 HIGH This Week

Format String vulnerability in KeepKey version 4.0.0 allows attackers to trigger information display (of information that should not be accessible), related to text containing characters that the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Keepkey Firmware
NVD
CVSS 3.0
7.5
EPSS
1.1%
EPSS 0% CVSS 5.7
MEDIUM POC PATCH This Month

Insufficient length checks in the ShapeShift KeepKey hardware wallet firmware before 7.7.0 allow a global buffer overflow via crafted messages. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required. Public exploit code available.

Buffer Overflow Information Disclosure Keepkey Firmware
NVD GitHub
EPSS 1% CVSS 6.6
MEDIUM POC PATCH This Month

In the KeepKey firmware before 7.3.2,Flaws in the supervisor interface can be exploited to bypass important security restrictions on firmware operations. Rated medium severity (CVSS 6.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Keepkey Firmware
NVD GitHub
EPSS 2% CVSS 8.8
HIGH POC PATCH This Week

Insufficient length checks in the ShapeShift KeepKey hardware wallet firmware before 7.1.0 allow a stack buffer overflow via crafted messages. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow RCE Memory Corruption +1
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Insufficient checks in the finite state machine of the ShapeShift KeepKey hardware wallet before firmware 6.2.2 allow a partial reset of cryptographic secrets to known values via crafted messages. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Keepkey Firmware
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL PATCH Act Now

Insufficient checks in the USB packet handling of the ShapeShift KeepKey hardware wallet before firmware 6.2.2 allow out-of-bounds writes in the .bss segment via crafted messages. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow RCE Memory Corruption +1
NVD GitHub
EPSS 0% CVSS 2.4
LOW Monitor

On ShapeShift KeepKey devices, a side channel for the row-based OLED display was found. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Keepkey Firmware
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Format String vulnerability in KeepKey version 4.0.0 allows attackers to trigger information display (of information that should not be accessible), related to text containing characters that the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Keepkey Firmware
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy