VYPR

ESP32

by Espressif

CVEs (9)

  • CVE-2021-28139 · High · Sep 7, 2021
    risk 0.57 · cvss 8.8 · epss 0.01

    The Bluetooth Classic implementation in Espressif ESP-IDF 4.4 and earlier does not properly restrict the Feature Page upon reception of an LMP Feature Response Extended packet, allowing attackers in radio range to trigger arbitrary code execution in ESP32 via a crafted Extended…

  • CVE-2021-34173 · High · Jul 14, 2021
    risk 0.49 · cvss 7.5 · epss 0.01

    An attacker can cause a Denial of Service and kernel panic in v4.2 and earlier versions of Espressif esp32 via a malformed beacon csa frame. The device requires a reboot to recover.

  • CVE-2023-35818 · Medium · Jul 17, 2023
    risk 0.44 · cvss 6.8 · epss 0.00

    An issue was discovered on Espressif ESP32 3.0 (ESP32_rev300 ROM) devices. An EMFI attack on ECO3 provides the attacker with a capability to influence the PC value at the CPU context level, regardless of Secure Boot and Flash Encryption status. By using this capability, the…

  • CVE-2021-28136 · Medium · Sep 7, 2021
    risk 0.42 · cvss 6.5 · epss 0.01

    The Bluetooth Classic implementation in Espressif ESP-IDF 4.4 and earlier does not properly handle the reception of multiple LMP IO Capability Request packets during the pairing process, allowing attackers in radio range to trigger memory corruption (and consequently a crash) in…

  • CVE-2021-28135 · Medium · Sep 7, 2021
    risk 0.42 · cvss 6.5 · epss 0.01

    The Bluetooth Classic implementation in Espressif ESP-IDF 4.4 and earlier does not properly handle the reception of continuous unsolicited LMP responses, allowing attackers in radio range to trigger a denial of service (crash) in ESP32 by flooding the target device with LMP…

  • CVE-2019-17391 · Medium · Nov 14, 2019
    risk 0.30 · cvss 4.6 · epss 0.00

    An issue was discovered in the Espressif ESP32 mask ROM code 2016-06-08 0 through 2. Lack of anti-glitch mitigations in the first stage bootloader of the ESP32 chip allows an attacker (with physical access to the device) to read the contents of read-protected eFuses, such as…

  • CVE-2025-65822 · Dec 10, 2025
    risk 0.00 · cvss · epss 0.00

    The ESP32 system on a chip (SoC) that powers the Meatmeet Pro was found to have JTAG enabled. By leaving JTAG enabled on an ESP32 in a commercial product an attacker with physical access to the device can connect over this port and reflash the device's firmware with malicious…

  • CVE-2025-65821 · Dec 10, 2025
    risk 0.00 · cvss · epss 0.00

    As UART download mode is still enabled on the ESP32 chip on which the firmware runs, an adversary can dump the flash from the device and retrieve sensitive information such as details about the current and previous Wi-Fi network from the NVS partition. Additionally, this allows…

  • CVE-2025-27840 · Mar 8, 2025
    risk 0.00 · cvss · epss 0.01

    Espressif ESP32 chips allow 29 hidden HCI commands, such as 0xFC02 (Write memory).