Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.2
CVSSv3

CVE-2023-25758

Published: 14/02/2023 Updated: 22/02/2023
CVSS v3 Base Score: 4.2 | Impact Score: 3.6 | Exploitability Score: 0.5
VMScore: 0
Subscribe to Onekey Touch Firmware

Vulnerability Summary

Onekey Touch devices up to and including 4.0.0 and Onekey Mini devices up to and including 2.10.0 allow man-in-the-middle malicious users to obtain the seed phase. The man-in-the-middle access can only be obtained after disassembling a device (i.e., here, "man-in-the-middle" does not refer to the attacker's position on an IP network). NOTE: the vendor states that "our hardware team has updated the security patch without anyone being affected."

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

onekey onekey_touch_firmware

onekey onekey_mini_firmware

References

NVD-CWE-noinfohttps://blog.onekey.so/our-response-to-recent-security-fix-reports-13914fea8afdhttps://github.com/OneKeyHQ/firmwarehttps://fortune.com/crypto/2023/02/09/cyber-firm-cracks-onekey-crypto-wallets-in-video-raises-questions-hardware-security/amp/https://nvd.nist.gov
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322administrator privilegesCVE-2024-1579hardcodedCVE-2023-20198CVE-2024-33587CVE-2024-33449CVE-2024-4308HTML injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook