QwikSec

Security Database

CVE

CWE

Training

CVE-2022-30330

Published: May 7, 2022

Modified: Aug 3, 2024

PUBLISHED

Description

In the KeepKey firmware before 7.3.2,Flaws in the supervisor interface can be exploited to bypass important security restrictions on firmware operations. Using these flaws, malicious firmware code can elevate privileges, permanently make the device inoperable or overwrite the trusted bootloader code to compromise the hardware wallet across reboots or storage wipes.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/keepkey/keepkey-firmware/releases/tag/v7.3.2

x_refsource_MISC

https://github.com/keepkey/keepkey-firmware/commit/447c1f038a31378ab9589965c098467d9ea6cccc

x_refsource_MISC

https://blog.inhq.net/posts/keepkey-CVE-2022-30330/

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.