CVE-2021-40154

MEDIUM

NXP LPC55S69 - Out-of-bounds Read via USB ISP GET Descriptor Configuration Request

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-40154. PoCs published by Jeromeyoung.

AI-analyzed exploit summary The repository contains functional exploit code demonstrating a buffer over-read vulnerability in NXP LPC55S69 and K82 microcontrollers via USB ISP. The PoC scripts interact with USB control endpoints to extract protected flash memory data.

Description

NXP LPC55S69 devices before A3 have a buffer over-read via a crafted wlength value in a GET Descriptor Configuration request during use of USB In-System Programming (ISP) mode. This discloses protected flash memory.

Exploits (1)

nomisec WORKING POC 6 stars
by Jeromeyoung · poc
https://github.com/Jeromeyoung/CVE-2021-40154

The repository contains functional exploit code demonstrating a buffer over-read vulnerability in NXP LPC55S69 and K82 microcontrollers via USB ISP. The PoC scripts interact with USB control endpoints to extract protected flash memory data.

Classification
Working Poc 95%
Attack Type
Info Leak
Complexity
Moderate
Reliability
Reliable
Target: NXP LPC55S69 and Kinetis K82 MCU BootROM (Revision A2)
No auth needed
Prerequisites: Physical access to USB port · Target device in ISP mode · Python 3+ with pyusb
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (2)

Core 2
Core References
Broken Link, Third Party Advisory x_refsource_misc
https://www.darkmatter.ae/xen1thlabs/published-advisories/
Third Party Advisory x_refsource_misc
https://github.com/Xen1thLabs-AE/CVE-2021-40154

Scores

CVSS v3 6.1
EPSS 0.0073
EPSS Percentile 49.4%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L

Details

CWE
CWE-125
Status published
Products (3)
nxp/lpc55s69jbd100_firmware
nxp/lpc55s69jbd64_firmware
nxp/lpc55s69jev98_firmware
Published Dec 01, 2021
Tracked Since Feb 18, 2026