CVE-2024-33453

HIGH

esp-idf 5.1 - Buffer Overflow via ExternalId Component

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-33453. PoCs published by Ant1sec-ops.

AI-analyzed exploit summary The repository provides a detailed technical analysis of CVE-2024-33453, an object-level access control vulnerability in the esp-idf framework version 5.1. It describes how authenticated users can manipulate the 'id' parameter to access sensitive data belonging to other users.

Description

Buffer Overflow vulnerability in esp-idf v.5.1 allows a remote attacker to obtain sensitive information via the externalId component.

Exploits (1)

nomisec WRITEUP 1 stars

by Ant1sec-ops · poc

https://github.com/Ant1sec-ops/CVE-2024-33453

View Code ZIP pw:eip

The repository provides a detailed technical analysis of CVE-2024-33453, an object-level access control vulnerability in the esp-idf framework version 5.1. It describes how authenticated users can manipulate the 'id' parameter to access sensitive data belonging to other users.

Classification

Writeup 90%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: esp-idf framework version 5.1

Auth required

Prerequisites: Authenticated access to the system using esp-idf framework

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (1)

Core 1

Core References

Mitigation, Third Party Advisory

https://github.com/Ant1sec-ops/CVE-2024-33453

Scores

CVSS v3 8.1

EPSS 0.0095

EPSS Percentile 56.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-120

Status published

Products (1)

espressif/esp-idf 5.1

Published Oct 17, 2024

Tracked Since Feb 18, 2026