Vulnerability Details CVE-2021-40154
NXP LPC55S69 devices before A3 have a buffer over-read via a crafted wlength value in a GET Descriptor Configuration request during use of USB In-System Programming (ISP) mode. This discloses protected flash memory.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 69.3%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 2.1
References
Products affected by CVE-2021-40154
-
cpe:2.3:h:nxp:lpc55s69jbd100:0a
-
cpe:2.3:h:nxp:lpc55s69jbd100:1b
-
cpe:2.3:h:nxp:lpc55s69jbd64:0a
-
cpe:2.3:h:nxp:lpc55s69jbd64:1b
-
cpe:2.3:h:nxp:lpc55s69jev98:0a
-
cpe:2.3:h:nxp:lpc55s69jev98:1b
-
cpe:2.3:o:nxp:lpc55s69jbd100_firmware:-
-
cpe:2.3:o:nxp:lpc55s69jbd64_firmware:-
-
cpe:2.3:o:nxp:lpc55s69jev98_firmware:-