CVEs classified under CWE-1191, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (20)
CVE-2024-48970 — CVSS 9.3 (critical): The ventilator's microcontroller lacks memory protection. An attacker could connect to the internal JTAG interface and read or write to…
CVE-2025-52533: Improper Access Control in an on-chip debug interface could allow a privileged attacker to enable a debug interface and potentially…
CVE-2025-9709: On-Chip Debug and Test Interface With Improper Access Control and Improper Protection against Electromagnetic Fault Injection (EM-FI) in…
CVE-2024-41692: This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to presence of root terminal access on a serial interface without…
CVE-2025-65821 — CVSS 7.5 (high): As UART download mode is still enabled on the ESP32 chip on which the firmware runs, an adversary can dump the flash from the device and…
CVE-2023-32666 — CVSS 7.2 (high): On-chip debug and test interface with improper access control in some 4th Generation Intel(R) Xeon(R) Processors when using Intel(R) SGX or…
CVE-2025-65822 — CVSS 6.8 (medium): The ESP32 system on a chip (SoC) that powers the Meatmeet Pro was found to have JTAG enabled. By leaving JTAG enabled on an ESP32 in a…
CVE-2025-26409 — CVSS 6.8 (medium): A serial interface can be accessed with physical access to the PCB of Wattsense Bridge devices. After connecting to the interface, access…
CVE-2020-9285 — CVSS 6.8 (medium): Some versions of Sonos One (1st and 2nd generation) allow partial or full memory access via attacker controlled hardware that can be…
CVE-2025-7213 — CVSS 6.4 (medium): A vulnerability classified as critical has been found in FNKvision FNK-GU2 up to 40.1.7. Affected is an unknown function of the component…
CVE-2025-47822 — CVSS 6.4 (medium): Flock Safety LPR (License Plate Reader) devices with firmware through 2.2 have an on-chip debug interface with improper access control.
CVE-2025-47819 — CVSS 6.4 (medium): Flock Safety Gunshot Detection devices before 1.3 have an on-chip debug interface with improper access control.
CVE-2025-48468 — CVSS 6.4 (medium): Successful exploitation of the vulnerability could allow an attacker that has physical access to interface with JTAG to inject or modify…
CVE-2024-36319: Debug code left active in AMD's Video Decoder Engine Firmware (VCN FW) could allow a attacker to submit a maliciously crafted command…
CVE-2025-26408 — CVSS 6.1 (medium): The JTAG interface of Wattsense Bridge devices can be accessed with physical access to the PCB. After connecting to the interface, full…
CVE-2025-12114 — CVSS 5.5 (medium): Enabled serial console could potentially leak information that might help attacker to find vulnerabilities.This issue affects BLU-IC2…
CVE-2024-4231 — CVSS 4.6 (medium): This vulnerability exists in Digisol Router (DG-GR1321: Hardware version 3.7L; Firmware version : v3.2.02) due to presence of root terminal…
CVE-2025-36755: The CleverDisplay BlueOne hardware player is designed with its USB interfaces physically enclosed and inaccessible under normal operating…
CVE-2025-15083 — CVSS 2.0 (low): A vulnerability was determined in TOZED ZLT M30s up to 1.47. The affected element is an unknown function of the component UART Interface…