CVE-2022-0553 MEDIUM

CVE-2022-0553: Possible to retrieve uncrypted firmware image

Vendor Zephyrproject-Rtos

Product zephyr

Weakness CWE-200 · Info exposure

Published January 11, 2023

Last update April 9, 2025

View on NVD All CVEs

CVSS base score

6.5/10

Attack vector Adjacent

Attack complexity Low

Privileges required None

User interaction None

Confidentiality High

Integrity None

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

There is no check to see if slot 0 is being uploaded from the device to the host. When using encrypted images this means the unencrypted firmware can be retrieved easily.

Key dates

02Disclosure timeline

January 11, 2023 CVE published

April 9, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-0553 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/200.html

Related vulnerabilities

CVE-2022-0553: Possible to retrieve uncrypted firmware image

01Description

02Disclosure timeline

03References

04Related CVE