A vulnerability classified as critical has been found in FNKvision FNK-GU2 up to 40.1.7. Affected is an unknown function of the component…
VulDB·CWE-1191·Published 2025-07-09
Es wurde eine kritische Schwachstelle in FNKvision FNK-GU2 bis 40.1.7 entdeckt. Es geht dabei um eine nicht klar definierte Funktion der Komponente UART Interface. Dank Manipulation mit unbekannten Daten kann eine on-chip debug and test interface with improper access control-Schwachstelle ausgenutzt werden. Ein Angriff setzt physischen Zugriff auf dem Zielobjekt voraus. Die Komplexität eines Angriffs ist eher hoch. Sie gilt als schwierig auszunutzen. Der Exploit steht zur öffentlichen Verfügung.
A vulnerability classified as critical has been found in FNKvision FNK-GU2 up to 40.1.7. Affected is an unknown function of the component UART Interface. The manipulation leads to on-chip debug and test interface with improper access control. It is possible to launch the attack on the physical device. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used.
A vulnerability classified as critical has been found in FNKvision FNK-GU2 up to 40.1.7. Affected is an unknown function of the component UART Interface. The manipulation leads to on-chip debug and test interface with improper access control. It is possible to launch the attack on the physical device. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used.
Se ha detectado una vulnerabilidad crítica en FNKvision FNK-GU2 hasta la versión 40.1.7. Se trata de una función desconocida de la interfaz UART. La manipulación da lugar a una interfaz de depuración y prueba en chip con un control de acceso inadecuado. Es posible lanzar el ataque contra el dispositivo físico. Es un ataque de complejidad bastante alta. Parece difícil de explotar. Se ha hecho público el exploit y puede que sea utilizado.
| Version | Type | Source | Base | Exp | Impact | Vector |
|---|---|---|---|---|---|---|
| 2.0 | Primary | cve.org | 6.2 | — | — | AV:L/AC:H/Au:N/C:C/I:C/A:C/E:POC/RL:ND/RC:UR |
| 2.0 | Primary | cve.org | 6.2 | — | — | AV:L/AC:H/Au:N/C:C/I:C/A:C/E:POC/RL:ND/RC:UR |
| 2.0 | Secondary | NVD | 6.2 | 1.9 | 10.0 | AV:L/AC:H/Au:N/C:C/I:C/A:C |
| 3.0 | Primary | cve.org | 6.4 | — | — | CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R |
| 3.0 | Primary | cve.org | 6.4 | — | — | CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R |
| 3.1 | Primary | cve.org | 6.4 | — | — | CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R |
| 3.1 | Primary | cve.org | 6.4 | — | — | CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R |
| 3.1 | Secondary | NVD | 6.4 | 0.5 | 5.9 | CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
| 4.0 | Primary | cve.org | 5.4 | — | — | CVSS:4.0/AV:P/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P |
| 4.0 | Primary | cve.org | 5.4 | — | — | CVSS:4.0/AV:P/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P |
| 4.0 | Secondary | NVD | 4.5 | — | — | CVSS:4.0/AV:P/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |