PT-2024-35948 · Espressif · Esptouch
Nir-Mo
·
Published
2024-12-11
·
Updated
2024-12-13
·
CVE-2024-53845
CVSS v4.0
6.6
Medium
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions:
ESPTouch versions prior to 5.3.2
ESPTouch versions prior to 5.2.4
ESPTouch versions prior to 5.1.6
ESPTouch versions prior to 5.0.8
Description:
ESPTouch is a connection protocol for internet of things devices. In the ESPTouchV2 protocol, there is no option to set the IV (Initialization Vector) prior to versions 5.3.2, 5.2.4, 5.1.6, and 5.0.8, resulting in a constant IV of zero. This leads to deterministic encrypted output in AES/CBC mode, potentially causing data leakage. The application generates a random IV when activating the AES key starting in versions 5.3.2, 5.2.4, 5.1.6, and 5.0.8, which is then transmitted along with the provision data to the provision device.
Recommendations:
To address the issue, upgrade to version 5.3.2 or later for the best protection.
For versions prior to 5.2.4, upgrade to version 5.2.4 or later.
For versions prior to 5.1.6, upgrade to version 5.1.6 or later.
For versions prior to 5.0.8, upgrade to version 5.0.8 or later.
As the issue is implemented in the ESP Wi-Fi stack, there is no workaround for the user to fix the application layer without upgrading the underlying firmware.
Exploit
Fix
Use of a Broken Cryptographic Algorithm
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Esptouch