Nuvoton - CWE-305: Authentication Bypass by Primary Weakness
An attacker with write access to the SPI-Flash on an NPCM7xx BMC subsystem that uses the Nuvoton BootBlock
reference code can modify the u-boot image header on flash parsed by the BootBlock which could lead to arbitrary code
execution.
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Npcm750r_firmware | Nuvoton | * | 10.10.19 (excluding) |