Insecure Permissions in Espressif IDF Affects Device Authentication
CVE-2024-53406

8.8HIGH

Key Information:

Vendor: Espressif
Status: Espressif IDF
Vendor: CVE Published:; 13 March 2025

What is CVE-2024-53406?

Espressif IDF v5.3.0 is exposed to an Insecure Permissions vulnerability that can lead to authentication bypass. During the reconnection process, the device incorrectly reuses the session key from earlier connection sessions. This flaw creates an avenue for malicious actors to exploit security weaknesses, enabling unauthorized access to sensitive functions. Mitigation efforts should focus on ensuring proper session key management to enhance device security.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://github.com/espressif/esp-idf

https://github.com/yangting111/BLE_TEST/blob/main/result/...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Mar 13, 2025
Vulnerability Reserved
Nov 20, 2024

JSON

Espressif

What is CVE-2024-53406?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.