← Back

Nordicsemi

nordicsemi

6 CVEs • 7 products

Products (7)

Click to collapse
Toggle
Nrf52840 Firmware
nrf52840_firmware
2 CVEs
Nrf5 Sdk For Mesh
nrf5_sdk_for_mesh
2 CVEs
Android Ble Library
android_ble_library
1 CVE
Dfu Library
dfu_library
1 CVE
Nrf5340 Dk Firmware
nrf5340-dk_firmware
1 CVE
Nrf52840
nrf52840
0 CVEs
Nrf5340 Dk
nrf5340-dk
0 CVEs

CVEs (6)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2022-40480
2Microchip
Nordicsemi
2Dt100112 Firmware
Nrf5340 Dk Firmware
Mar 25, 2025
Feb 8, 2023
N/A· v4
6.5 MEDIUM· v3
N/A· v2
Nordic Semiconductor, Microchip Technology NRF5340-DK DT100112 was discovered to contain an issue which allows attackers to cause a Denial of Service (DoS) via a crafted ConReq packet.
CVE-2022-35624
1Nordicsemi
1Nrf5 Sdk For Mesh
Nov 21, 2024
Aug 15, 2022
N/A· v4
8.8 HIGH· v3
N/A· v2
In Nordic nRF5 SDK for Mesh 5.0, a heap overflow vulnerability can be triggered by sending a series of segmented packets with SegO > SegN
CVE-2022-35623
1Nordicsemi
1Nrf5 Sdk For Mesh
Nov 21, 2024
Aug 15, 2022
N/A· v4
8.8 HIGH· v3
N/A· v2
In Nordic nRF5 SDK for Mesh 5.0, a heap overflow vulnerability can be triggered by sending a series of segmented control packets and access packets with the same SeqAuth
CVE-2020-27211
1Nordicsemi
1Nrf52840 Firmware
Nov 21, 2024
May 21, 2021
N/A· v4
5.7 MEDIUM· v3
3.3 LOW· v2
Nordic Semiconductor nRF52840 devices through 2020-10-19 have improper protection against physical side channels. The flash read-out protection (APPROTECT) can be bypassed by injecting a fault during the boot phase.
CVE-2021-29415
1Nordicsemi
1Nrf52840 Firmware
Nov 21, 2024
May 21, 2021
N/A· v4
5.5 MEDIUM· v3
2.1 LOW· v2
The elliptic curve cryptography (ECC) hardware accelerator, part of the ARM® TrustZone® CryptoCell 310, contained in the NordicSemiconductor nRF52840 through 2021-03-29 has a non-constant time ECDSA implemenation. This a...Show more
The elliptic curve cryptography (ECC) hardware accelerator, part of the ARM® TrustZone® CryptoCell 310, contained in the NordicSemiconductor nRF52840 through 2021-03-29 has a non-constant time ECDSA implemenation. This allows an adversary to recover the private ECC key used during an ECDSA operation.Show less
CVE-2020-15509
1Nordicsemi
2Android Ble Library
Dfu Library
Nov 21, 2024
Jul 7, 2020
N/A· v4
6.5 MEDIUM· v3
3.3 LOW· v2
Nordic Semiconductor Android BLE Library through 2.2.1 and DFU Library through 1.10.4 for Android (as used by nRF Connect and other applications) can engage in unencrypted communication while showing the user that the co...Show more
Nordic Semiconductor Android BLE Library through 2.2.1 and DFU Library through 1.10.4 for Android (as used by nRF Connect and other applications) can engage in unencrypted communication while showing the user that the communication is purportedly encrypted. The problem is in bond creation (e.g., internalCreateBond in BleManagerHandler).Show less