Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
keepkey keepkey firmware vulnerabilities and exploits
(subscribe to this query)
6.6
CVSSv3
CVE-2022-30330
In the KeepKey firmware prior to 7.3.2,Flaws in the supervisor interface can be exploited to bypass important security restrictions on firmware operations. Using these flaws, malicious firmware code can elevate privileges, permanently make the device inoperable or overwrite the t...
Keepkey Keepkey Firmware
9.8
CVSSv3
CVE-2019-18671
Insufficient checks in the USB packet handling of the ShapeShift KeepKey hardware wallet before firmware 6.2.2 allow out-of-bounds writes in the .bss segment via crafted messages. The vulnerability could allow code execution or other forms of impact. It can be triggered by unauth...
Keepkey Keepkey Firmware
8.8
CVSSv3
CVE-2021-31616
Insufficient length checks in the ShapeShift KeepKey hardware wallet firmware prior to 7.1.0 allow a stack buffer overflow via crafted messages. The overflow in ethereum_extractThorchainSwapData() in ethereum.c can circumvent stack protections and lead to code execution. The vuln...
Shapeshift Keepkey Firmware
7.5
CVSSv3
CVE-2019-18672
Insufficient checks in the finite state machine of the ShapeShift KeepKey hardware wallet before firmware 6.2.2 allow a partial reset of cryptographic secrets to known values via crafted messages. Notably, this breaks the security of U2F for new server registrations and invalidat...
Shapeshift Keepkey Firmware
5.7
CVSSv3
CVE-2023-27892
Insufficient length checks in the ShapeShift KeepKey hardware wallet firmware prior to 7.7.0 allow a global buffer overflow via crafted messages. Flaws in cf_confirmExecTx() in ethereum_contracts.c can be used to reveal arbitrary microcontroller memory on the device screen or cra...
Shapeshift Keepkey Firmware
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started