Description
The DEF CON 27 badge allows remote attackers to exploit a buffer overflow by sending an oversized packet via the NFMI (Near Field Magnetic Induction) protocol.
References (2)
Core 2
Core References
Exploit, Third Party Advisory
https://defcon.org/html/defcon-29/dc-29-speakers.html#kintigh
Various Sources
https://github.com/skintigh/defcon27_badge_sdr
Scores
CVSS v3
8.8
EPSS
0.0039
EPSS Percentile
60.2%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
total
Details
CWE
CWE-120
Status
published
Products (1)
defcon/def_con_27_firmware
Published
Aug 04, 2021
Tracked Since
Feb 18, 2026