CVE-2023-25758
Gravedad CVSS v3.1:
MEDIA
Tipo:
No Disponible / Otro tipo
Fecha de publicación:
14/02/2023
Última modificación:
20/03/2025
Descripción
*** Pendiente de traducción *** Onekey Touch devices through 4.0.0 and Onekey Mini devices through 2.10.0 allow man-in-the-middle attackers to obtain the seed phase. The man-in-the-middle access can only be obtained after disassembling a device (i.e., here, "man-in-the-middle" does not refer to the attacker's position on an IP network). NOTE: the vendor states that "our hardware team has updated the security patch without anyone being affected."
Impacto
Puntuación base 3.x
4.20
Gravedad 3.x
MEDIA
Productos y versiones vulnerables
| CPE | Desde | Hasta |
|---|---|---|
| cpe:2.3:o:onekey:onekey_touch_firmware:*:*:*:*:*:*:*:* | 4.0.0 (incluyendo) | |
| cpe:2.3:h:onekey:onekey_touch:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:onekey:onekey_mini_firmware:*:*:*:*:*:*:*:* | 2.10.0 (incluyendo) | |
| cpe:2.3:h:onekey:onekey_mini:-:*:*:*:*:*:*:* |
Para consultar la lista completa de nombres de CPE con productos y versiones, ver esta página
Referencias a soluciones, herramientas e información
- https://blog.onekey.so/our-response-to-recent-security-fix-reports-13914fea8afd
- https://fortune.com/crypto/2023/02/09/cyber-firm-cracks-onekey-crypto-wallets-in-video-raises-questions-hardware-security/amp/
- https://github.com/OneKeyHQ/firmware
- https://blog.onekey.so/our-response-to-recent-security-fix-reports-13914fea8afd
- https://fortune.com/crypto/2023/02/09/cyber-firm-cracks-onekey-crypto-wallets-in-video-raises-questions-hardware-security/amp/
- https://github.com/OneKeyHQ/firmware