CVE-2018-19795

MEDIUM

ChipsBank UMPTool - Info Disclosure

Title source: llm

Description

ChipsBank UMPTool saves the password to the NAND with a simple substitution cipher, which allows attackers to get full access when having physical access to the device.

References (1)

[Exploit, Third Party Advisory] https://www.thalpius.com/files/ChipsBank%20UMPTool%20Password%20Retrieval%20v0.1.pdf

Scores

CVSS v3 6.8

EPSS 0.0004

EPSS Percentile 13.1%

Attack Vector PHYSICAL

CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-522

Status published

Affected Products (1)

chipsbank/umptool

Timeline

Published Dec 03, 2018

Tracked Since Feb 18, 2026