Vulnerabilities > Shapeshift > Keepkey Firmware > 4.0.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-12-06 | CVE-2019-18672 | Improper Validation of Integrity Check Value vulnerability in Shapeshift Keepkey Firmware Insufficient checks in the finite state machine of the ShapeShift KeepKey hardware wallet before firmware 6.2.2 allow a partial reset of cryptographic secrets to known values via crafted messages. | 5.0 |
| 2018-03-14 | CVE-2018-6875 | Use of Externally-Controlled Format String vulnerability in Shapeshift Keepkey Firmware 4.0.0 Format String vulnerability in KeepKey version 4.0.0 allows attackers to trigger information display (of information that should not be accessible), related to text containing characters that the device's font lacks. | 5.0 |