Detections
Analytics

CVE-2021-40154

medium

Description

NXP LPC55S69 devices before A3 have a buffer over-read via a crafted wlength value in a GET Descriptor Configuration request during use of USB In-System Programming (ISP) mode. This discloses protected flash memory.

References

https://www.darkmatter.ae/xen1thlabs/published-advisories/

https://github.com/Xen1thLabs-AE/CVE-2021-40154

Details

Source: Mitre, NVD

Published: 2021-12-01

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 2.1

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N

Severity: Low

CVSS v3

Base Score: 5.5

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Severity: Medium

EPSS

EPSS: 0.00629