Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Security problem with settings and littlefs
Vulnerability Description
Security problem with settings and littlefs. Zephyr versions >= 1.14.2, >= 2.3.0 contain Incorrect Default Permissions (CWE-276). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-5qhg-j6wc-4f6q
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Vulnerability Type
缺省权限不正确
Vulnerability Title
Zephyr 安全漏洞
Vulnerability Description
Zephyr是美国Linux基金会的一套开源的小型的可缩放的实时操作系统。 Zephyr >= 1.14.2和>= 2.3.0版本存在安全漏洞,该漏洞源于当设置与littlefs结合使用时,可以使用MCUmgr从设备中提取所有与安全相关的信息。例如,可以在bt-mesh中使用它来从设备获取设备密钥,网络密钥和应用程序密钥。
CVSS Information
N/A
Vulnerability Type
N/A