ID
VAR-201401-0739
TITLE
Appotech AX211 / AX215 8-bit SD Card Controller Firmware Upgrade Mechanism Code Execution Vulnerability
Trust: 0.6
sources:
CNVD: CNVD-2014-00041
DESCRIPTION
The Appotech AX211 / AX215 is a microcontroller device. The Appotech AX211 / AX215 8-bit SD card controller has a security vulnerability in the firmware upgrade mechanism. The attacker sends a 'knock' command (CMD63 followed by 'A', 'P', 'P', 'O')). The controller enters firmware load mode, and an attacker who can physically access the memory card can execute arbitrary commands on the card.
Trust: 0.6
sources:
CNVD: CNVD-2014-00041
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
sources:
CNVD: CNVD-2014-00041
AFFECTED PRODUCTS
| vendor: | appotech | model: | ax215 | scope: | - | version: | - | Trust: 0.6 |
| vendor: | appotech | model: | ax211 | scope: | - | version: | - | Trust: 0.6 |
sources:
CNVD: CNVD-2014-00041
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||
|
|
sources:
CNVD: CNVD-2014-00041
EXTERNAL IDS
| db: | CNVD | id: | CNVD-2014-00041 | Trust: 0.6 |
sources:
CNVD: CNVD-2014-00041
REFERENCES
| url: | http://threatpost.com/flash-memory-cards-contain-powerful-unsecured-microcontrollers/103366 | Trust: 0.6 |
| url: | http://bunniefoo.com/bunnie/sdcard-30c3-pub.pdf | Trust: 0.6 |
| url: | http://www.bunniestudios.com/blog/?p=3554 | Trust: 0.6 |
| url: | http://www.youtube.com/watch?v=r3gdpwiurki | Trust: 0.6 |
sources:
CNVD: CNVD-2014-00041
SOURCES
| db: | CNVD | id: | CNVD-2014-00041 |
LAST UPDATE DATE
2022-05-04T09:18:21.619000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2014-00041 | date: | 2014-01-03T00:00:00 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2014-00041 | date: | 2014-01-03T00:00:00 |