Physical Access Vulnerability in Espressif ESP32 Chip
CVE-2019-17391
4.6MEDIUM
What is CVE-2019-17391?
A vulnerability in the Espressif ESP32 mask ROM code allows an attacker with physical access to exploit the first stage bootloader. This gap in security enables the reading of sensitive information stored in read-protected eFuses, including flash encryption and secure boot keys. The attacker can achieve this by injecting a glitch into the power supply shortly after the device resets, bypassing existing safeguards.