4.2
CVE-2023-25758
- EPSS 0.09%
- Veröffentlicht 14.02.2023 07:15:11
- Zuletzt bearbeitet 20.03.2025 19:15:20
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginOnekey Touch devices through 4.0.0 and Onekey Mini devices through 2.10.0 allow man-in-the-middle attackers to obtain the seed phase. The man-in-the-middle access can only be obtained after disassembling a device (i.e., here, "man-in-the-middle" does not refer to the attacker's position on an IP network). NOTE: the vendor states that "our hardware team has updated the security patch without anyone being affected."
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Onekey ≫ Onekey Touch Firmware Version <= 4.0.0
Onekey ≫ Onekey Mini Firmware Version <= 2.10.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.09% | 0.26 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.2 | 0.5 | 3.6 |
CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 4.2 | 0.5 | 3.6 |
CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
|