Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
keepkey keepkey firmware vulnerabilities and exploits
(subscribe to this query)
890
VMScore
CVE-2019-18671
Insufficient checks in the USB packet handling of the ShapeShift KeepKey hardware wallet before firmware 6.2.2 allow out-of-bounds writes in the .bss segment via crafted messages. The vulnerability could allow code execution or other forms of impact. It can be triggered by unauth...
Keepkey Keepkey Firmware
614
VMScore
CVE-2022-30330
In the KeepKey firmware prior to 7.3.2,Flaws in the supervisor interface can be exploited to bypass important security restrictions on firmware operations. Using these flaws, malicious firmware code can elevate privileges, permanently make the device inoperable or overwrite the t...
Keepkey Keepkey Firmware
445
VMScore
CVE-2019-18672
Insufficient checks in the finite state machine of the ShapeShift KeepKey hardware wallet before firmware 6.2.2 allow a partial reset of cryptographic secrets to known values via crafted messages. Notably, this breaks the security of U2F for new server registrations and invalidat...
Shapeshift Keepkey Firmware
NA
CVE-2023-27892
Insufficient length checks in the ShapeShift KeepKey hardware wallet firmware prior to 7.7.0 allow a global buffer overflow via crafted messages. Flaws in cf_confirmExecTx() in ethereum_contracts.c can be used to reveal arbitrary microcontroller memory on the device screen or cra...
Shapeshift Keepkey Firmware
169
VMScore
CVE-2019-14355
On ShapeShift KeepKey devices, a side channel for the row-based OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowing a partial recovery of display contents. For example, a hardware implant in the USB c...
Shapeshift Keepkey Firmware -
605
VMScore
CVE-2021-31616
Insufficient length checks in the ShapeShift KeepKey hardware wallet firmware prior to 7.1.0 allow a stack buffer overflow via crafted messages. The overflow in ethereum_extractThorchainSwapData() in ethereum.c can circumvent stack protections and lead to code execution. The vuln...
Shapeshift Keepkey Firmware
445
VMScore
CVE-2018-6875
Format String vulnerability in KeepKey version 4.0.0 allows malicious users to trigger information display (of information that should not be accessible), related to text containing characters that the device's font lacks.
Shapeshift Keepkey Firmware 4.0.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27802
template injection
CVE-2024-0044
code injection
CVE-2024-35474
CVE-2024-27857
CVE-2024-23251
CVE-2024-23692
physical
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started