CVE-2020-6861

MEDIUM

Ledger Monero < 1.5.1 - Master Spending Key Extraction via Crafted Messages

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-6861. PoCs published by ph4r05.

AI-analyzed exploit summary This repository contains a functional PoC for CVE-2020-6861, demonstrating the extraction of the master spend key from a Ledger Monero app. The exploit leverages type confusion and a decryption oracle in the Monero protocol to extract the key without user interaction.

Description

A flawed protocol design in the Ledger Monero app before 1.5.1 for Ledger Nano and Ledger S devices allows a local attacker to extract the master spending key by sending crafted messages to this app selected on a PIN-entered Ledger connected to a host PC.

Exploits (1)

nomisec WORKING POC 4 stars
by ph4r05 · poc
https://github.com/ph4r05/ledger-app-monero-1.42-vuln

This repository contains a functional PoC for CVE-2020-6861, demonstrating the extraction of the master spend key from a Ledger Monero app. The exploit leverages type confusion and a decryption oracle in the Monero protocol to extract the key without user interaction.

Classification
Working Poc 95%
Attack Type
Info Leak
Complexity
Complex
Reliability
Reliable
Target: Ledger Monero App 1.4.2
No auth needed
Prerequisites: Connected Ledger device with Monero app installed · Access to the public view key
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (2)

Core 2
Core References
Exploit, Vendor Advisory x_refsource_confirm
https://donjon.ledger.com/lsb/008/

Scores

CVSS v3 5.5
EPSS 0.0059
EPSS Percentile 69.4%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-327
Status published
Products (1)
ledger/monero < 1.5.1
Published May 06, 2020
Tracked Since Feb 18, 2026