Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Semtech LR11xx Encrypted Firmware Disclosure
Vulnerability Description
The Semtech LR11xx LoRa transceivers running early versions of firmware contains an information disclosure vulnerability in its firmware validation functionality. When a host issues a firmware validity check command via the SPI interface, the device decrypts the provided encrypted firmware package block-by-block to validate its integrity. However, the last decrypted firmware block remains uncleared in memory after the validation process completes. An attacker with access to the SPI interface can subsequently issue memory read commands to retrieve the decrypted firmware contents from this residual memory, effectively bypassing the firmware encryption protection mechanism. The attack requires physical access to the device's SPI interface.
CVSS Information
N/A
Vulnerability Type
在释放前未清除敏感信息
Vulnerability Title
Semtech LR11xx LoRa 安全漏洞
Vulnerability Description
Semtech LR11xx LoRa是美国Semtech公司的一系列低功耗无线通信芯片。 Semtech LR11xx LoRa存在安全漏洞,该漏洞源于早期固件版本存在信息泄露,可能导致攻击者绕过固件加密保护机制。
CVSS Information
N/A
Vulnerability Type
N/A