CVE-2022-29948

Name of the Vulnerable Software and Affected Versions Lepin EP-KP001 versions through KP001 V19

Description The issue is due to an insecure design, allowing an authentication bypass attack. This enables an attacker to gain access to stored encrypted data by replacing the microcontroller on a target device with one from an attacker-controlled device whose passcode is known. Normally, the encrypted disk partition is unlocked by entering a correct passcode via the keypad and pressing the Unlock button, with authentication performed by an unknown microcontroller. This vulnerability allows an attacker to unlock the target device and read stored data in cleartext.

Recommendations For Lepin EP-KP001 versions through KP001 V19, consider replacing the microcontroller with a secure one or implementing additional security measures to prevent unauthorized access. As a temporary workaround, restrict physical access to the device to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.