• Advisories

Found 13 results
Select All Title 正文 Version Advisory No. Type Released Date Fixed Status Download
Security Advisory for PEAP Phase 2 Authentication

This advisory describes vulnerabilities in PEAP phase-2 authentication and its solution.

V1.0 AR2024-003 Security 2024.06.11 Fixed with Commit
Security Advisory for WLAN FragAttacks

This security advisory describes vulnerabilities affecting WLAN FragAttacks and their solutions.

V1.1 AR2023-008 Security 2024.05.20 Fixed
Security Advisory for Classic Bluetooth BLUFFS Vulnerability

The advisory briefly describes BLUFFS vulnerability and the implementation level mitigations on ESP32 series products for now.

V1.0 AR2023-010 Security 2024.01.19 Notification
Security Advisory Concerning Bypassing Secure Boot and Flash Encryption using CPA and FI attack on ESP32-C3 and ESP32-C6

The advisory focuses on a crucial hardware vulnerability discovered in ESP32-C3 and ESP32-C6 chips. The vulnerability stems from a combination of Correlation Power Analysis (CPA), Fault Injection (FI), and buffer overflow, allowing attackers to bypass the Flash Encryption feature that uses the AES-XTS algorithm, extracting sensitive device information. Additionally, the advisory offers suggestions for hardware and application countermeasures that can effectively mitigate this type of attack.

V1.0 AR2023-007 Security 2024.01.08 Notification
Security Advisory concerning Wi-Fi authentication bypass
V1.1 AR2020-002 Security 2023.11.03 Fixed
Security Advisory for WFA vulnerability

This security advisory describes vulnerabilities affecting Wi-Fi devices and their solutions.

V1.1 AR2021-003 Security 2023.08.25 Fixed
Security Advisory Concerning Bypassing Secure Boot and Flash Encryption Using EMFI

This security advisory describes an issue summary and impact analysis of a technique called Electromagnetic Fault Injection (EMFI), which allows bypassing Secure Boot V2 and Flash Encryption on the ESP32 with directly jumping to the UART Download mode implemented in the ROM code. The advisory also provides practical tips for customers on using the ESP32 chip.

V1.0 AR2023-005 Security 2023.07.11 Notification
Security Advisory for USB_OTG & USB_Serial_JTAG Download Functions of ESP32-S3 Series Products
For ESP32-S3 series chips manufactured on and after Date Code 2219 and modules and development boards with the PW No. of and after PW-2022-06-XXXX, the bit (BLK0 B19[7]) will be open for users to program since it will not be programmed by default. This will enable the USB_OTG Download function.
V1.1 AR2022-004 Security 2022.12.21 Fixed
Security Advisory Concerning Breaking the Hardware AES Core and Firmware Encryption of ESP32 Chip Revision v3.0
This security advisory provides an issue summary and impact analysis of the side-channel attack (SCA) and body bias injection (BBI), which allow attackers to exploit the power consumption trajectory characteristics of ESP32/ESP32-S2/ESP32-S3/ESP32-C3 series chips when performing encryption and decryption to obtain sensitive information in the chip. The advisory also provides practical tips for customers on using the ESP32/ESP32-S2/ESP32-S3/ESP32-C3/ESP32-C2 series chips.

V2.0 AR2022-003 Security 2022.11.18 Notification
Security Advisory on "BadAlloc" Vulnerabilities

This security advisory describes BadAlloc, which is a family of vulnerabilities related to integer overflows in heap handling functions in several RTOSes and libraries, and its solutions.

V1.0 AR2021-005 Security 2021.10.27 Fixed
Security Advisory for Bluetooth Vulnerability

Securtiy Advisory for various Bluetooth vulnerability, including BrakTooth, Impersonation in different pairing methods and Mesh, BIAS Vulnerability, and their solutions.

V1.0 AR2021-004 Security 2021.08.31 Fixed
Security Advisory Concerning Partitions Using Flash Encryption

This security advisory describes the partition encryption issues and their solutions when using the flash encryption feature of ESP32 series products.

V1.0 AR2021-002 Security 2021.06.10 Fixed
Security Advisory concerning fault injection and ESP32 Flash Encryption & Secure Boot V1
V1.0 AR2020-001 Security 2020.07.20 Notification

Advisory type