CVE-2022-30330
MEDIUMKeepKey Firmware < 7.3.2 - Privilege Escalation and Security Bypass via Supervisor Interface
Title source: llmDescription
In the KeepKey firmware before 7.3.2,Flaws in the supervisor interface can be exploited to bypass important security restrictions on firmware operations. Using these flaws, malicious firmware code can elevate privileges, permanently make the device inoperable or overwrite the trusted bootloader code to compromise the hardware wallet across reboots or storage wipes.
References (3)
Core 3
Core References
Release Notes, Third Party Advisory x_refsource_misc
https://github.com/keepkey/keepkey-firmware/releases/tag/v7.3.2
Patch, Third Party Advisory x_refsource_misc
https://github.com/keepkey/keepkey-firmware/commit/447c1f038a31378ab9589965c098467d9ea6cccc
Exploit, Patch, Third Party Advisory x_refsource_misc
https://blog.inhq.net/posts/keepkey-CVE-2022-30330/
Scores
CVSS v3
6.6
EPSS
0.0053
EPSS Percentile
40.6%
Attack Vector
PHYSICAL
CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-20
Status
published
Products (1)
keepkey/keepkey_firmware
< 7.3.2
Published
May 07, 2022
Tracked Since
Feb 18, 2026