CVE-2018-6875

HIGH

Shapeshift Keepkey Firmware - Format String Vulnerability

Title source: rule

Description

Format String vulnerability in KeepKey version 4.0.0 allows attackers to trigger information display (of information that should not be accessible), related to text containing characters that the device's font lacks.

References (1)

[Vendor Advisory] https://www.keepkey.com/2018/03/09/security-updates-responsible-disclosure/

Scores

CVSS v3 7.5

EPSS 0.0031

EPSS Percentile 53.8%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-134

Status published

Products (1)

shapeshift/keepkey_firmware 4.0.0

Published Mar 14, 2018

Tracked Since Feb 18, 2026