
CWE-1191 vulnerability list (12)

A summary of the 12 CVEs associated with weakness CWE-1191, with AI-generated analysis in Chinese.

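CWE-1191 refers to on-chip debug and test interfaces that lack access control, a hardware security weakness. Attackers typically go through a physical interface such as JTAG and use an unprotected scan chain to read internal registers or enter test mode without authorization, and from there steal sensitive data or tamper with firmware. Developers need to implement strict authentication in the chip design so that only authorized users can access the debug interface, and disable or lock test ports at the production stage to cut off unauthorized access paths.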

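MITRE CWE official description
CWE: CWE-1191 On-Chip Debug and Test Interface With Improper Access Control

The chip does not implement or does not correctly perform access control to check whether users are authorized to access internal registers and test modes through the physical debug/test interface.

A device's internal information may be accessed through a scan chain of interconnected internal registers, usually through a JTAG interface. The JTAG interface provides access to these registers serially, in the form of a scan chain, for the purpose of debugging programs running on the device. Since almost all information contained within a device may be accessed over this interface, device manufacturers typically insert some form of authentication and authorization to prevent unauthorized use of this sensitive information. This mechanism is implemented in addition to the on-chip protections that are already present.

If authorization, authentication, or some other form of access control is not implemented or not implemented correctly, a user may be able to bypass on-chip protection mechanisms through the debug interface.

Sometimes, designers choose not to expose the debug pins on the motherboard and instead hide these pins in the intermediate layers of the board. This is primarily done to work around the lack of debug authorization inside the chip. In such a scenario (without debug authorization), when the debug interface is exposed, chip internals are accessible to an attacker.

Common consequences (6)
Confidentiality: Read Application Data
Confidentiality: Read Memory
Authorization: Execute Unauthorized Code or Commands
Integrity: Modify Memory
Integrity: Modify Application Data

Mitigations (1)
Architecture and Design: If feasible, the manufacturer should disable the JTAG interface or implement authentication and authorization for the JTAG interface. If authentication logic is added, it should be resistant to timing attacks. Security-sensitive data stored in registers, such as keys, etc. should be cleared when entering debug mode.
Effectiveness: High

Code examples (2)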
A home, WiFi-router device implements a login prompt which prevents an unauthorized user from issuing any commands on the device until appropriate credentials are provided. The credentials are protected on the device and are checked for strength against attack.
If the JTAG interface on this device is not hidden by the manufacturer, the interface may be identified using tools such as JTAGulator. If it is hidden but not disabled, it can be exposed by physically wiring to the board. By issuing a "halt" command before the OS starts, the unauthorized user pauses the watchdog timer and prevents the router from restarting (once the watchdog timer would have expired). Having paused the router, an unauthorized user is able to execute code and inspect and modify data in the device, even extracting all of the router's firmware. This allows the user to examine t
Bad · Other
In order to prevent exposing the debugging interface, manufacturers might try to obfuscate the JTAG interface or blow device internal fuses to disable the JTAG interface. Adding authentication and authorization to this interface makes use by unauthorized individuals much more difficult.
Good · Other
The following example code is a snippet from the JTAG wrapper module in the RISC-V debug module of the HACK@DAC'21 Openpiton SoC [REF-1355]. To make sure that the JTAG is accessed securely, the developers have included a primary authentication mechanism based on a password.
...
PassChkValid: begin
  if(hashValid) begin
    if(exp_hash == pass_hash) begin
      pass_check = 1'b1;
    end else begin
      pass_check = 1'b0;
    end
    state_d = Idle;
  end else begin
    state_d = PassChkValid;
  end
end
...
Bad · Verilog
...
case (state_q)
  Idle: begin
    ...
    else if ( (dm::dtm_op_e'(dmi.op) == dm::DTM_PASS) && (miss_pass_check_cnt_q != 2'b11) )
    begin
      state_d = Write;
      pass_mode = 1'b1;
    end
    ...
  end
  ...
  PassChkValid: begin
    if(hashValid) begin
      if(exp_hash == pass_hash) begin
        pass_check = 1'b1;
      end else begin
        pass_check = 1'b0;
        miss_pass_check_cnt_d = miss_pass_check_cnt_q + 1;
      end
      state_d = Idle;
    end else begin
      state_d = PassChkValid;
    end
  end
  ...
Good · Verilog
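
Added example (not from MITRE or the HACK@DAC'21 code): a C model of a debug-unlock gate that combines the mitigation's points, a hash comparison whose run time does not depend on the input, clearing of key material on entering debug mode, and the attempt limit from the Good Verilog snippet. The `debug_gate` struct, the function names and the hash and key bytes are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <string.h>
#define HASH_LEN 32
#define MAX_MISSES 3 /* same limit as the 2-bit counter saturating at 2'b11 */
typedef struct {
    uint8_t exp_hash[HASH_LEN]; /* expected password hash */
    uint8_t secret_key[16];     /* stands in for key registers */
    unsigned misses;            /* failed attempts so far */
} debug_gate;

/* No early exit: run time does not depend on where the first mismatch is. */
static int ct_equal(const uint8_t *a, const uint8_t *b, size_t n) {
    uint8_t diff = 0;
    for (size_t i = 0; i < n; i++) diff |= (uint8_t)(a[i] ^ b[i]);
    return diff == 0;
}

/* Returns 1 when debug access is granted, 0 when refused. */
int debug_unlock(debug_gate *g, const uint8_t *pass_hash) {
    if (g->misses >= MAX_MISSES) return 0; /* locked out, even for the right hash */
    if (!ct_equal(g->exp_hash, pass_hash, HASH_LEN)) { g->misses++; return 0; }
    volatile uint8_t *k = g->secret_key;   /* volatile: stores cannot be elided */
    for (size_t i = 0; i < sizeof g->secret_key; i++) k[i] = 0;
    return 1;
}

/* Constructed demo values, not real credentials. */
static void demo_init(debug_gate *g, uint8_t *good) {
    memset(g, 0, sizeof *g);
    memset(g->exp_hash, 0xA5, HASH_LEN);
    memset(g->secret_key, 0x5A, sizeof g->secret_key);
    memset(good, 0xA5, HASH_LEN);
}

/* Correct hash first: 1 only if access was granted and the key was wiped. */
int demo_unlock_wipes_key(void) {
    debug_gate g; uint8_t good[HASH_LEN];
    demo_init(&g, good);
    int ok = debug_unlock(&g, good);
    for (size_t i = 0; i < sizeof g.secret_key; i++) if (g.secret_key[i]) return 0;
    return ok;
}

/* MAX_MISSES wrong guesses, then the correct hash: 0 means still locked. */
int demo_lockout(void) {
    debug_gate g; uint8_t good[HASH_LEN], bad[HASH_LEN] = {0};
    demo_init(&g, good);
    for (int i = 0; i < MAX_MISSES; i++) debug_unlock(&g, bad);
    return debug_unlock(&g, good);
}
```

As in the Good snippet's visible lines, the miss counter is never reset here, so a locked gate stays locked until the state is re-initialised.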
| CVE ID | Title | CVSS | Risk level | Published |
|---|---|---|---|---|
| CVE-2024-36319 | AMD multiple products security vulnerability - AMD Ryzen™ 7040 Series Mobile Processors with Radeon™ Graphics; AMD Ryzen™ 8040 Series Mobile Processors with Radeon™ Graphics | 9.8 (AI) | Critical (AI) | 2026-02-12 |
| CVE-2025-52533 | AMD Processors security vulnerability - AMD EPYC™ 7003 Series Processors | 6.7 (AI) | Medium (AI) | 2026-02-12 |
| CVE-2025-15083 | TOZED ZLT M30S security vulnerability - ZLT M30s | 2.0 | Low | 2025-12-25 |
| CVE-2025-12114 | Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 security vulnerability - BLU-IC2 | 6.5 (AI) | Medium (AI) | 2025-10-23 |
| CVE-2025-9709 | Nordic Semiconductor nRF52810 security vulnerability - nRF52810 | 6.1 (AI) | Medium (AI) | 2025-09-05 |
| CVE-2025-7213 | FNKvision FNK-GU2 security vulnerability - FNK-GU2 | 6.4 | Medium | 2025-07-09 |
| CVE-2025-47822 | Flock Safety LPR security vulnerability - License Plate Reader | 6.4 | Medium | 2025-06-27 |
| CVE-2025-47819 | Flock Safety Gunshot Detection security vulnerability - Gunshot Detection devices | 6.4 | Medium | 2025-06-27 |
| CVE-2025-26408 | Wattsense Bridge security vulnerability - Wattsense Bridge | 6.8 | - | 2025-02-11 |
| CVE-2024-48970 | Baxter Life2000 security vulnerability - Life2000 Ventilation System | 9.3 | Critical | 2024-11-14 |
| CVE-2024-41692 | SyroTech SY-GPON-1110-WDONT security vulnerability - SyroTech SY-GPON-1110-WDONT router | 6.8 | - | 2024-07-26 |
| CVE-2024-4231 | Digisol Router security vulnerability - Digisol Router DG-GR1321 | 3.9 | - | 2024-05-10 |

CWE-1191 is a common weakness category; this platform lists 12 CVEs associated with it.