CVE-2024-53406

Published: Mar 13, 2025Modified: Dec 31, 2025

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

Espressif Esp idf v5.3.0 is vulnerable to Insecure Permissions resulting in Authentication bypass. In the reconnection phase, the device reuses the session key from a previous connection session, creating an opportunity for attackers to execute security bypass attacks.

Affected (1)

Products: Espressif: Esp Idf

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Espressif Esp Idf	Version 5.3

Related CWEs

Authorization Bypass Through User-Controlled Key

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

References (2)

https://github.com/espressif/esp-idf

Source: cve@mitre.org

Product

https://github.com/yangting111/BLE_TEST/blob/main/result/PoC/Esp/sk_reuse.md

Source: cve@mitre.org

Exploit

Timeline

No history available yet.