Vulnerabilities > Espressif > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-12 | CVE-2024-42483 | Insufficient Verification of Data Authenticity vulnerability in Espressif Esp-Now ESP-NOW Component provides a connectionless Wi-Fi communication protocol. | 6.5 |
| 2023-07-17 | CVE-2023-35818 | Unspecified vulnerability in Espressif products An issue was discovered on Espressif ESP32 3.0 (ESP32_rev300 ROM) devices. low complexity espressif | 6.8 |
| 2021-01-12 | CVE-2020-16146 | Classic Buffer Overflow vulnerability in Espressif Esp-Idf Espressif ESP-IDF 2.x, 3.0.x through 3.0.9, 3.1.x through 3.1.7, 3.2.x through 3.2.3, 3.3.x through 3.3.2, and 4.0.x through 4.0.1 has a Buffer Overflow in BluFi provisioning in btc_blufi_recv_handler function in blufi_prf.c. | 5.0 |
| 2020-07-23 | CVE-2020-12638 | Improper Authentication vulnerability in Espressif Esp-Idf An encryption-bypass issue was discovered on Espressif ESP-IDF devices through 4.2, ESP8266_NONOS_SDK devices through 3.0.3, and ESP8266_RTOS_SDK devices through 3.3. | 4.3 |
| 2019-09-04 | CVE-2019-12587 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Espressif Esp-Idf and Esp8266 Nonos SDK The EAP peer implementation in Espressif ESP-IDF 2.0.0 through 4.0.0 and ESP8266_NONOS_SDK 2.2.0 through 3.1.0 allows the installation of a zero Pairwise Master Key (PMK) after the completion of any EAP authentication method, which allows attackers in radio range to replay, decrypt, or spoof frames via a rogue access point. | 4.8 |
| 2019-05-13 | CVE-2018-18558 | Improper Input Validation vulnerability in Espressif Esp-Idf An issue was discovered in Espressif ESP-IDF 2.x and 3.x before 3.0.6 and 3.1.x before 3.1.1. | 6.4 |