CVE-2023-35818

Name of the Vulnerable Software and Affected Versions Espressif ESP32 version 3.0 (ESP32 rev300 ROM)

Description An issue was discovered that allows an attacker to influence the PC value at the CPU context level through an EMFI attack on ECO3, regardless of Secure Boot and Flash Encryption status. This capability can be used to exploit another behavior in the chip, gaining unauthorized access to the ROM download mode. Access to ROM download mode may be further exploited to read the encrypted flash content in cleartext format or execute stub code.

Recommendations For Espressif ESP32 version 3.0 (ESP32 rev300 ROM), at the moment, there is no information about a newer version that contains a fix for this vulnerability.