How severe is CVE-2024-7726?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.8 out of 10.

What type of vulnerability is CVE-2024-7726?

This is classified as CWE-306, which is a common weakness in software security.

CVE-2024-7726 - MEDIUM Severity | CVSS 6.8

Vulnerability Description

There exists an unauthenticated accessible JTAG port on the Kioxia PM6, PM7 and CM6 devices - On the Kioxia CM6, PM6 and PM7 disk drives it was discovered that the 2 main CPU cores of the SoC can be accessed via an open JTAG debug port that is exposed on the drive’s circuit board. Due to the wide cutout of the enclosures, the JTAG port can be accessed without having to open the disk enclosure. Utilizing the JTAG debug port, an attacker with (temporary) physical access can get full access to the firmware and memory on the 2 main CPU cores within the drive including the execution of arbitrary code, the modification of firmware execution flow and data or bypassing the firmware signature verification during boot-up.

Related Vulnerabilities

CVE-2017-17746

MEDIUM

CVSS:6.8(Medium)

Weak access control methods on the TP-Link TL-SG108E 1.0.0 allow any user on a NAT network with an authenticated administrator to access the device without entering user credentials. The authenticatio...

CWE-3062017

CVE-2017-8156

MEDIUM

CVSS:6.8(Medium)

The outdoor unit of Customer Premise Equipment (CPE) product B2338-168 V100R001C00 has a no authentication vulnerability on the serial port. An attacker can access the serial port on the circuit board...

CWE-3062017

CVE-2019-16258

MEDIUM

CVSS:6.8(Medium)

The bootloader of the homee Brain Cube V2 through 2.23.0 allows attackers with physical access to gain root access by manipulating the U-Boot environment via the CLI after connecting to the internal U...

CWE-3062019

CVE-2020-10263

MEDIUM

CVSS:6.8(Medium)

An issue was discovered on XIAOMI XIAOAI speaker Pro LX06 1.52.4. Attackers can get root shell by accessing the UART interface and then they can (i) read Wi-Fi SSID or password, (ii) read the dialogue...

CWE-3062020

CVE-2020-15483

MEDIUM

CVSS:6.8(Medium)

An issue was discovered on Nescomed Multipara Monitor M1000 devices. The physical UART debug port provides a shell, without requiring a password, with complete access.

CWE-3062020

CVE-2020-1813

MEDIUM

CVSS:6.8(Medium)

HUAWEI P30 smart phone with versions earlier than 10.1.0.135(C00E135R2P11) have an improper authentication vulnerability. Due to improper authentication of specific interface, in specific scenario att...

CWE-3062020