PT-2018-17796 · Keepkey · Keepkey
Publicado
2018-03-14
·
Atualizado
2020-01-07
·
CVE-2018-6875
CVSS v3.1
7.5
Alta
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
KeepKey version 4.0.0
Description
The issue allows attackers to trigger the display of information that should not be accessible. This is related to text containing characters that the device's font lacks, which can be exploited to reveal sensitive information.
Recommendations
For KeepKey version 4.0.0, update to a newer version that contains a fix for this issue to prevent unauthorized information display.
Correção
Use of Externally-Controlled Format String
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Keepkey