CWE-1263
Allowed-with-ReviewImproper Physical Access Control
Abstraction: Class · Status: Incomplete
The product is designed with access restricted to certain information, but it does not sufficiently protect against an unauthorized actor with physical access to these areas.
22 vulnerabilities reference this CWE, most recent first.
GHSA-7X3W-3VJX-FHQV
Vulnerability from github – Published: 2024-07-11 00:32 – Updated: 2024-07-11 00:32An Improper Physical Access Control vulnerability in the console port control of Juniper Networks Junos OS Evolved allows an attacker with physical access to the device to get access to a user account.
When the console cable is disconnected, the logged in user is not logged out. This allows a malicious attacker with physical access to the console to resume a previous session and possibly gain administrative privileges.
This issue affects Junos OS Evolved: * from 23.2R2-EVO before 23.2R2-S1-EVO, * from 23.4R1-EVO before 23.4R2-EVO.
{
"affected": [],
"aliases": [
"CVE-2024-39512"
],
"database_specific": {
"cwe_ids": [
"CWE-1263"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-07-10T23:15:10Z",
"severity": "HIGH"
},
"details": "An Improper Physical Access Control vulnerability in the console port control of Juniper Networks Junos OS Evolved allows an attacker with physical access to the device to get access to a user account.\n\nWhen the console cable is disconnected, the logged in user is not logged out.\u00a0This allows a malicious attacker with physical access to the console to resume a previous session and possibly gain administrative privileges.\n\nThis issue affects Junos OS Evolved: \n * from 23.2R2-EVO before 23.2R2-S1-EVO,\u00a0\n * from 23.4R1-EVO before 23.4R2-EVO.",
"id": "GHSA-7x3w-3vjx-fhqv",
"modified": "2024-07-11T00:32:50Z",
"published": "2024-07-11T00:32:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39512"
},
{
"type": "WEB",
"url": "https://supportportal.juniper.net/JSA82977"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-C72M-9PRF-JFXF
Vulnerability from github – Published: 2024-04-15 12:30 – Updated: 2024-04-15 12:30Vulnerabilities in Celeste 22.x was vulnerable to takeover from unauthenticated local attacker.
{
"affected": [],
"aliases": [
"CVE-2024-3802"
],
"database_specific": {
"cwe_ids": [
"CWE-1263"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-15T11:15:11Z",
"severity": "MODERATE"
},
"details": "Vulnerabilities in Celeste 22.x was vulnerable to takeover from unauthenticated local attacker.\n",
"id": "GHSA-c72m-9prf-jfxf",
"modified": "2024-04-15T12:30:35Z",
"published": "2024-04-15T12:30:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-3802"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:P/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-G37X-JPMR-W7P9
Vulnerability from github – Published: 2023-07-06 19:24 – Updated: 2024-04-04 05:30An attacker with physical access to Moxa's bootloader versions of UC-8580 Series V1.1, UC-8540 Series V1.0 to V1.2, UC-8410A Series V2.2, UC-8200 Series V1.0 to V2.4, UC-8100A-ME-T Series V1.0 to V1.1, UC-8100 Series V1.2 to V1.3, UC-5100 Series V1.2, UC-3100 Series V1.2 to V2.0, UC-2100 Series V1.3 to V1.5, and UC-2100-W Series V1.3 to V1.5 can initiate a restart of the device and gain access to its BIOS. Command line options can then be altered, allowing the attacker to access the terminal. From the terminal, the attacker can modify the device’s authentication files to create a new user and gain full access to the system.
{
"affected": [],
"aliases": [
"CVE-2022-3086"
],
"database_specific": {
"cwe_ids": [
"CWE-1263",
"CWE-77"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-12-02T20:15:00Z",
"severity": "HIGH"
},
"details": "An attacker with physical access to Moxa\u0027s bootloader versions of UC-8580 Series V1.1, UC-8540 Series V1.0 to V1.2, UC-8410A Series V2.2, UC-8200 Series V1.0 to V2.4, UC-8100A-ME-T Series V1.0 to V1.1, UC-8100 Series V1.2 to V1.3, UC-5100 Series V1.2, UC-3100 Series V1.2 to V2.0, UC-2100 Series V1.3 to V1.5, and UC-2100-W Series V1.3 to V1.5 can initiate a restart of the device and gain access to its BIOS. Command line options can then be altered, allowing the attacker to access the terminal. From the terminal, the attacker can modify the device\u2019s authentication files to create a new user and gain full access to the system.",
"id": "GHSA-g37x-jpmr-w7p9",
"modified": "2024-04-04T05:30:41Z",
"published": "2023-07-06T19:24:05Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3086"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-321-02"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-333-04"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-H34R-96VV-VXHC
Vulnerability from github – Published: 2024-05-14 18:30 – Updated: 2024-08-20 15:32An issue was discovered on certain Nuki Home Solutions devices. An attacker with physical access to the circuit board could use the SWD debug features to control the execution of code on the processor and debug the firmware, as well as read or alter the content of the internal and external flash memory. This affects Nuki Smart Lock 3.0 before 3.3.5, Nuki Smart Lock 2.0 before 2.12.4, as well as Nuki Bridge v1 before 1.22.0 and v2 before 2.13.2.
{
"affected": [],
"aliases": [
"CVE-2022-32506"
],
"database_specific": {
"cwe_ids": [
"CWE-1263"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-14T10:43:41Z",
"severity": "MODERATE"
},
"details": "An issue was discovered on certain Nuki Home Solutions devices. An attacker with physical access to the circuit board could use the SWD debug features to control the execution of code on the processor and debug the firmware, as well as read or alter the content of the internal and external flash memory. This affects Nuki Smart Lock 3.0 before 3.3.5, Nuki Smart Lock 2.0 before 2.12.4, as well as Nuki Bridge v1 before 1.22.0 and v2 before 2.13.2.",
"id": "GHSA-h34r-96vv-vxhc",
"modified": "2024-08-20T15:32:11Z",
"published": "2024-05-14T18:30:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32506"
},
{
"type": "WEB",
"url": "https://latesthackingnews.com/2022/07/28/multiple-security-flaws-found-in-nuki-smart-locks"
},
{
"type": "WEB",
"url": "https://nuki.io/en/security-updates"
},
{
"type": "WEB",
"url": "https://research.nccgroup.com/2022/07/25/technical-advisory-multiple-vulnerabilities-in-nuki-smart-locks-cve-2022-32509-cve-2022-32504-cve-2022-32502-cve-2022-32507-cve-2022-32503-cve-2022-32510-cve-2022-32506-cve-2022-32508-cve-2"
},
{
"type": "WEB",
"url": "https://www.hackread.com/nuki-smart-locks-vulnerabilities-plethora-attack-options"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-H39P-Q7CH-CJ9P
Vulnerability from github – Published: 2023-10-09 21:30 – Updated: 2024-04-04 08:26A vulnerability was reported in ThinkPad T14s Gen 3 and X13 Gen3 that could cause the BIOS tamper detection mechanism to not trigger under specific circumstances which could allow unauthorized access.
{
"affected": [],
"aliases": [
"CVE-2022-48182"
],
"database_specific": {
"cwe_ids": [
"CWE-1263"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-10-09T21:15:10Z",
"severity": "MODERATE"
},
"details": "\nA vulnerability was reported in ThinkPad T14s Gen 3 and X13 Gen3 that could cause the BIOS tamper detection mechanism to not trigger under specific circumstances which could allow unauthorized access. \n\n",
"id": "GHSA-h39p-q7ch-cj9p",
"modified": "2024-04-04T08:26:40Z",
"published": "2023-10-09T21:30:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-48182"
},
{
"type": "WEB",
"url": "https://support.lenovo.com/us/en/product_security/LEN-106014"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-H66R-C8CP-F7F9
Vulnerability from github – Published: 2024-04-26 21:31 – Updated: 2024-07-03 18:37Incorrect Access Control in Asus RT-N12+ B1 routers allows local attackers to obtain root terminal access via the the UART interface.
{
"affected": [],
"aliases": [
"CVE-2024-28326"
],
"database_specific": {
"cwe_ids": [
"CWE-1263"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-26T20:15:07Z",
"severity": "MODERATE"
},
"details": "Incorrect Access Control in Asus RT-N12+ B1 routers allows local attackers to obtain root terminal access via the the UART interface.",
"id": "GHSA-h66r-c8cp-f7f9",
"modified": "2024-07-03T18:37:07Z",
"published": "2024-04-26T21:31:11Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28326"
},
{
"type": "WEB",
"url": "https://github.com/ShravanSinghRathore/ASUS-RT-N300-B1/wiki/Privilege-Escalation-CVE%E2%80%902024%E2%80%9028326"
},
{
"type": "WEB",
"url": "http://asus.com"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-JX4W-RH76-5J93
Vulnerability from github – Published: 2024-07-15 21:31 – Updated: 2024-08-01 15:32eLinkSmart Hidden Smart Cabinet Lock 2024-05-22 has Incorrect Access Control and fails to perform an authorization check which can lead to card duplication and other attacks.
{
"affected": [],
"aliases": [
"CVE-2024-36438"
],
"database_specific": {
"cwe_ids": [
"CWE-1263"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-07-15T19:15:03Z",
"severity": "HIGH"
},
"details": "eLinkSmart Hidden Smart Cabinet Lock 2024-05-22 has Incorrect Access Control and fails to perform an authorization check which can lead to card duplication and other attacks.",
"id": "GHSA-jx4w-rh76-5j93",
"modified": "2024-08-01T15:32:00Z",
"published": "2024-07-15T21:31:06Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-36438"
},
{
"type": "WEB",
"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-044.txt"
},
{
"type": "WEB",
"url": "https://www.syss.de/pentest-blog"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-MGRH-GVCX-F62X
Vulnerability from github – Published: 2025-12-02 15:30 – Updated: 2025-12-02 21:31Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a physically proximate attacker to modify or erase tamper events via the Chassis management board.
{
"affected": [],
"aliases": [
"CVE-2025-59696"
],
"database_specific": {
"cwe_ids": [
"CWE-1263"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-12-02T15:15:55Z",
"severity": "LOW"
},
"details": "Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a physically proximate attacker to modify or erase tamper events via the Chassis management board.",
"id": "GHSA-mgrh-gvcx-f62x",
"modified": "2025-12-02T21:31:28Z",
"published": "2025-12-02T15:30:33Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/google/security-research/security/advisories/GHSA-6q4x-m86j-gfwj"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59696"
},
{
"type": "WEB",
"url": "https://www.entrust.com/use-case/why-use-an-hsm"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-MQP3-JP6Q-7JF7
Vulnerability from github – Published: 2023-10-09 21:30 – Updated: 2024-04-04 08:26A vulnerability was reported in ThinkPad T14s Gen 3 and X13 Gen3 that could cause the BIOS tamper detection mechanism to not trigger under specific circumstances which could allow unauthorized access.
{
"affected": [],
"aliases": [
"CVE-2022-3728"
],
"database_specific": {
"cwe_ids": [
"CWE-1263"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-10-09T21:15:09Z",
"severity": "MODERATE"
},
"details": "\nA vulnerability was reported in ThinkPad T14s Gen 3 and X13 Gen3 that could cause the BIOS tamper detection mechanism to not trigger under specific circumstances which could allow unauthorized access. \n\n",
"id": "GHSA-mqp3-jp6q-7jf7",
"modified": "2024-04-04T08:26:41Z",
"published": "2023-10-09T21:30:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3728"
},
{
"type": "WEB",
"url": "https://support.lenovo.com/us/en/product_security/LEN-106014"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PWG9-CPPX-6XF2
Vulnerability from github – Published: 2024-04-22 15:30 – Updated: 2024-07-03 18:36Certain software builds for the BLU View 2 and Sharp Rouvo V Android devices contain a vulnerable pre-installed app with a package name of com.evenwell.fqc (versionCode='9020801', versionName='9.0208.01' ; versionCode='9020913', versionName='9.0209.13' ; versionCode='9021203', versionName='9.0212.03') that allows local third-party apps to execute arbitrary shell commands in its context (system user) due to inadequate access control. No permissions or special privileges are necessary to exploit the vulnerability in the com.evenwell.fqc app. No user interaction is required beyond installing and running a third-party app. The vulnerability allows local apps to access sensitive functionality that is generally restricted to pre-installed apps, such as programmatically performing the following actions: granting arbitrary permissions (which can be used to obtain sensitive user data), installing arbitrary apps, video recording the screen, wiping the device (removing the user's apps and data), injecting arbitrary input events, calling emergency phone numbers, disabling apps, accessing notifications, and much more. The software build fingerprints for each confirmed vulnerable device are as follows: BLU View 2 (BLU/B131DL/B130DL:11/RP1A.200720.011/1672046950:user/release-keys, BLU/B131DL/B130DL:11/RP1A.200720.011/1663816427:user/release-keys, BLU/B131DL/B130DL:11/RP1A.200720.011/1656476696:user/release-keys, BLU/B131DL/B130DL:11/RP1A.200720.011/1647856638:user/release-keys) and Sharp Rouvo V (SHARP/VZW_STTM21VAPP/STTM21VAPP:12/SP1A.210812.016/1KN0_0_460:user/release-keys and SHARP/VZW_STTM21VAPP/STTM21VAPP:12/SP1A.210812.016/1KN0_0_530:user/release-keys). This malicious app starts an exported activity named com.evenwell.fqc/.activity.ClickTest, crashes the com.evenwell.fqc app by sending an empty Intent (i.e., having not extras) to the com.evenwell.fqc/.FQCBroadcastReceiver receiver component, and then it sends command arbitrary shell commands to the com.evenwell.fqc/.FQCService service component which executes them with "system" privileges.
{
"affected": [],
"aliases": [
"CVE-2023-38290"
],
"database_specific": {
"cwe_ids": [
"CWE-1263"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-22T15:15:46Z",
"severity": "HIGH"
},
"details": "Certain software builds for the BLU View 2 and Sharp Rouvo V Android devices contain a vulnerable pre-installed app with a package name of com.evenwell.fqc (versionCode=\u00279020801\u0027, versionName=\u00279.0208.01\u0027 ; versionCode=\u00279020913\u0027, versionName=\u00279.0209.13\u0027 ; versionCode=\u00279021203\u0027, versionName=\u00279.0212.03\u0027) that allows local third-party apps to execute arbitrary shell commands in its context (system user) due to inadequate access control. No permissions or special privileges are necessary to exploit the vulnerability in the com.evenwell.fqc app. No user interaction is required beyond installing and running a third-party app. The vulnerability allows local apps to access sensitive functionality that is generally restricted to pre-installed apps, such as programmatically performing the following actions: granting arbitrary permissions (which can be used to obtain sensitive user data), installing arbitrary apps, video recording the screen, wiping the device (removing the user\u0027s apps and data), injecting arbitrary input events, calling emergency phone numbers, disabling apps, accessing notifications, and much more. The software build fingerprints for each confirmed vulnerable device are as follows: BLU View 2 (BLU/B131DL/B130DL:11/RP1A.200720.011/1672046950:user/release-keys, BLU/B131DL/B130DL:11/RP1A.200720.011/1663816427:user/release-keys, BLU/B131DL/B130DL:11/RP1A.200720.011/1656476696:user/release-keys, BLU/B131DL/B130DL:11/RP1A.200720.011/1647856638:user/release-keys) and Sharp Rouvo V (SHARP/VZW_STTM21VAPP/STTM21VAPP:12/SP1A.210812.016/1KN0_0_460:user/release-keys and SHARP/VZW_STTM21VAPP/STTM21VAPP:12/SP1A.210812.016/1KN0_0_530:user/release-keys). This malicious app starts an exported activity named com.evenwell.fqc/.activity.ClickTest, crashes the com.evenwell.fqc app by sending an empty Intent (i.e., having not extras) to the com.evenwell.fqc/.FQCBroadcastReceiver receiver component, and then it sends command arbitrary shell commands to the com.evenwell.fqc/.FQCService service component which executes them with \"system\" privileges.",
"id": "GHSA-pwg9-cppx-6xf2",
"modified": "2024-07-03T18:36:24Z",
"published": "2024-04-22T15:30:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38290"
},
{
"type": "WEB",
"url": "https://media.defcon.org/DEF%20CON%2031/DEF%20CON%2031%20presentations/Ryan%20Johnson%20Mohamed%20Elsabagh%20Angelos%20Stavrou%20-%20Still%20Vulnerable%20Out%20of%20the%20Box%20Revisiting%20the%20Security%20of%20Prepaid%20Android%20Carrier%20Devices.pdf"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Specific protection requirements depend strongly on contextual factors including the level of acceptable risk associated with compromise to the product's protection mechanism. Designers could incorporate anti-tampering measures that protect against or detect when the product has been tampered with.
Mitigation
The testing phase of the lifecycle should establish a method for determining whether the protection mechanism is sufficient to prevent unauthorized access.
Mitigation
Ensure that all protection mechanisms are fully activated at the time of manufacturing and distribution.
CAPEC-401: Physically Hacking Hardware
An adversary exploits a weakness in access control to gain access to currently installed hardware and precedes to implement changes or secretly replace a hardware component which undermines the system's integrity for the purpose of carrying out an attack.