Common Weakness Enumeration

CWE-1263

Allowed-with-Review

Improper Physical Access Control

Abstraction: Class · Status: Incomplete

The product is designed with access restricted to certain information, but it does not sufficiently protect against an unauthorized actor with physical access to these areas.

22 vulnerabilities reference this CWE, most recent first.

GHSA-7X3W-3VJX-FHQV

Vulnerability from github – Published: 2024-07-11 00:32 – Updated: 2024-07-11 00:32
VLAI
Details

An Improper Physical Access Control vulnerability in the console port control of Juniper Networks Junos OS Evolved allows an attacker with physical access to the device to get access to a user account.

When the console cable is disconnected, the logged in user is not logged out. This allows a malicious attacker with physical access to the console to resume a previous session and possibly gain administrative privileges.

This issue affects Junos OS Evolved: * from 23.2R2-EVO before 23.2R2-S1-EVO,  * from 23.4R1-EVO before 23.4R2-EVO.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-39512"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1263"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-07-10T23:15:10Z",
    "severity": "HIGH"
  },
  "details": "An Improper Physical Access Control vulnerability in the console port control of Juniper Networks Junos OS Evolved allows an attacker with physical access to the device to get access to a user account.\n\nWhen the console cable is disconnected, the logged in user is not logged out.\u00a0This allows a malicious attacker with physical access to the console to resume a previous session and possibly gain administrative privileges.\n\nThis issue affects Junos OS Evolved: \n  *  from 23.2R2-EVO before 23.2R2-S1-EVO,\u00a0\n  *  from 23.4R1-EVO before 23.4R2-EVO.",
  "id": "GHSA-7x3w-3vjx-fhqv",
  "modified": "2024-07-11T00:32:50Z",
  "published": "2024-07-11T00:32:50Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39512"
    },
    {
      "type": "WEB",
      "url": "https://supportportal.juniper.net/JSA82977"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-C72M-9PRF-JFXF

Vulnerability from github – Published: 2024-04-15 12:30 – Updated: 2024-04-15 12:30
VLAI
Details

Vulnerabilities in Celeste 22.x was vulnerable to takeover from unauthenticated local attacker.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-3802"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1263"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-04-15T11:15:11Z",
    "severity": "MODERATE"
  },
  "details": "Vulnerabilities in Celeste 22.x was vulnerable to takeover from unauthenticated local attacker.\n",
  "id": "GHSA-c72m-9prf-jfxf",
  "modified": "2024-04-15T12:30:35Z",
  "published": "2024-04-15T12:30:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-3802"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:P/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-G37X-JPMR-W7P9

Vulnerability from github – Published: 2023-07-06 19:24 – Updated: 2024-04-04 05:30
VLAI
Details

An attacker with physical access to Moxa's bootloader versions of UC-8580 Series V1.1, UC-8540 Series V1.0 to V1.2, UC-8410A Series V2.2, UC-8200 Series V1.0 to V2.4, UC-8100A-ME-T Series V1.0 to V1.1, UC-8100 Series V1.2 to V1.3, UC-5100 Series V1.2, UC-3100 Series V1.2 to V2.0, UC-2100 Series V1.3 to V1.5, and UC-2100-W Series V1.3 to V1.5 can initiate a restart of the device and gain access to its BIOS. Command line options can then be altered, allowing the attacker to access the terminal. From the terminal, the attacker can modify the device’s authentication files to create a new user and gain full access to the system.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-3086"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1263",
      "CWE-77"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-12-02T20:15:00Z",
    "severity": "HIGH"
  },
  "details": "An attacker with physical access to Moxa\u0027s bootloader versions of UC-8580 Series V1.1, UC-8540 Series V1.0 to V1.2, UC-8410A Series V2.2, UC-8200 Series V1.0 to V2.4, UC-8100A-ME-T Series V1.0 to V1.1, UC-8100 Series V1.2 to V1.3, UC-5100 Series V1.2, UC-3100 Series V1.2 to V2.0, UC-2100 Series V1.3 to V1.5, and UC-2100-W Series V1.3 to V1.5 can initiate a restart of the device and gain access to its BIOS. Command line options can then be altered, allowing the attacker to access the terminal. From the terminal, the attacker can modify the device\u2019s authentication files to create a new user and gain full access to the system.",
  "id": "GHSA-g37x-jpmr-w7p9",
  "modified": "2024-04-04T05:30:41Z",
  "published": "2023-07-06T19:24:05Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3086"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-321-02"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-333-04"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-H34R-96VV-VXHC

Vulnerability from github – Published: 2024-05-14 18:30 – Updated: 2024-08-20 15:32
VLAI
Details

An issue was discovered on certain Nuki Home Solutions devices. An attacker with physical access to the circuit board could use the SWD debug features to control the execution of code on the processor and debug the firmware, as well as read or alter the content of the internal and external flash memory. This affects Nuki Smart Lock 3.0 before 3.3.5, Nuki Smart Lock 2.0 before 2.12.4, as well as Nuki Bridge v1 before 1.22.0 and v2 before 2.13.2.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-32506"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1263"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-14T10:43:41Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered on certain Nuki Home Solutions devices. An attacker with physical access to the circuit board could use the SWD debug features to control the execution of code on the processor and debug the firmware, as well as read or alter the content of the internal and external flash memory. This affects Nuki Smart Lock 3.0 before 3.3.5, Nuki Smart Lock 2.0 before 2.12.4, as well as Nuki Bridge v1 before 1.22.0 and v2 before 2.13.2.",
  "id": "GHSA-h34r-96vv-vxhc",
  "modified": "2024-08-20T15:32:11Z",
  "published": "2024-05-14T18:30:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32506"
    },
    {
      "type": "WEB",
      "url": "https://latesthackingnews.com/2022/07/28/multiple-security-flaws-found-in-nuki-smart-locks"
    },
    {
      "type": "WEB",
      "url": "https://nuki.io/en/security-updates"
    },
    {
      "type": "WEB",
      "url": "https://research.nccgroup.com/2022/07/25/technical-advisory-multiple-vulnerabilities-in-nuki-smart-locks-cve-2022-32509-cve-2022-32504-cve-2022-32502-cve-2022-32507-cve-2022-32503-cve-2022-32510-cve-2022-32506-cve-2022-32508-cve-2"
    },
    {
      "type": "WEB",
      "url": "https://www.hackread.com/nuki-smart-locks-vulnerabilities-plethora-attack-options"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-H39P-Q7CH-CJ9P

Vulnerability from github – Published: 2023-10-09 21:30 – Updated: 2024-04-04 08:26
VLAI
Details

A vulnerability was reported in ThinkPad T14s Gen 3 and X13 Gen3 that could cause the BIOS tamper detection mechanism to not trigger under specific circumstances which could allow unauthorized access.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-48182"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1263"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-10-09T21:15:10Z",
    "severity": "MODERATE"
  },
  "details": "\nA vulnerability was reported in ThinkPad T14s Gen 3 and X13 Gen3 that could cause the BIOS tamper detection mechanism to not trigger under specific circumstances which could allow unauthorized access. \n\n",
  "id": "GHSA-h39p-q7ch-cj9p",
  "modified": "2024-04-04T08:26:40Z",
  "published": "2023-10-09T21:30:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-48182"
    },
    {
      "type": "WEB",
      "url": "https://support.lenovo.com/us/en/product_security/LEN-106014"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-H66R-C8CP-F7F9

Vulnerability from github – Published: 2024-04-26 21:31 – Updated: 2024-07-03 18:37
VLAI
Details

Incorrect Access Control in Asus RT-N12+ B1 routers allows local attackers to obtain root terminal access via the the UART interface.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-28326"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1263"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-04-26T20:15:07Z",
    "severity": "MODERATE"
  },
  "details": "Incorrect Access Control in Asus RT-N12+ B1 routers allows local attackers to obtain root terminal access via the the UART interface.",
  "id": "GHSA-h66r-c8cp-f7f9",
  "modified": "2024-07-03T18:37:07Z",
  "published": "2024-04-26T21:31:11Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28326"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ShravanSinghRathore/ASUS-RT-N300-B1/wiki/Privilege-Escalation-CVE%E2%80%902024%E2%80%9028326"
    },
    {
      "type": "WEB",
      "url": "http://asus.com"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-JX4W-RH76-5J93

Vulnerability from github – Published: 2024-07-15 21:31 – Updated: 2024-08-01 15:32
VLAI
Details

eLinkSmart Hidden Smart Cabinet Lock 2024-05-22 has Incorrect Access Control and fails to perform an authorization check which can lead to card duplication and other attacks.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-36438"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1263"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-07-15T19:15:03Z",
    "severity": "HIGH"
  },
  "details": "eLinkSmart Hidden Smart Cabinet Lock 2024-05-22 has Incorrect Access Control and fails to perform an authorization check which can lead to card duplication and other attacks.",
  "id": "GHSA-jx4w-rh76-5j93",
  "modified": "2024-08-01T15:32:00Z",
  "published": "2024-07-15T21:31:06Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-36438"
    },
    {
      "type": "WEB",
      "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-044.txt"
    },
    {
      "type": "WEB",
      "url": "https://www.syss.de/pentest-blog"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-MGRH-GVCX-F62X

Vulnerability from github – Published: 2025-12-02 15:30 – Updated: 2025-12-02 21:31
VLAI
Details

Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a physically proximate attacker to modify or erase tamper events via the Chassis management board.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-59696"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1263"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-12-02T15:15:55Z",
    "severity": "LOW"
  },
  "details": "Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a physically proximate attacker to modify or erase tamper events via the Chassis management board.",
  "id": "GHSA-mgrh-gvcx-f62x",
  "modified": "2025-12-02T21:31:28Z",
  "published": "2025-12-02T15:30:33Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/google/security-research/security/advisories/GHSA-6q4x-m86j-gfwj"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59696"
    },
    {
      "type": "WEB",
      "url": "https://www.entrust.com/use-case/why-use-an-hsm"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-MQP3-JP6Q-7JF7

Vulnerability from github – Published: 2023-10-09 21:30 – Updated: 2024-04-04 08:26
VLAI
Details

A vulnerability was reported in ThinkPad T14s Gen 3 and X13 Gen3 that could cause the BIOS tamper detection mechanism to not trigger under specific circumstances which could allow unauthorized access.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-3728"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1263"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-10-09T21:15:09Z",
    "severity": "MODERATE"
  },
  "details": "\nA vulnerability was reported in ThinkPad T14s Gen 3 and X13 Gen3 that could cause the BIOS tamper detection mechanism to not trigger under specific circumstances which could allow unauthorized access. \n\n",
  "id": "GHSA-mqp3-jp6q-7jf7",
  "modified": "2024-04-04T08:26:41Z",
  "published": "2023-10-09T21:30:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3728"
    },
    {
      "type": "WEB",
      "url": "https://support.lenovo.com/us/en/product_security/LEN-106014"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PWG9-CPPX-6XF2

Vulnerability from github – Published: 2024-04-22 15:30 – Updated: 2024-07-03 18:36
VLAI
Details

Certain software builds for the BLU View 2 and Sharp Rouvo V Android devices contain a vulnerable pre-installed app with a package name of com.evenwell.fqc (versionCode='9020801', versionName='9.0208.01' ; versionCode='9020913', versionName='9.0209.13' ; versionCode='9021203', versionName='9.0212.03') that allows local third-party apps to execute arbitrary shell commands in its context (system user) due to inadequate access control. No permissions or special privileges are necessary to exploit the vulnerability in the com.evenwell.fqc app. No user interaction is required beyond installing and running a third-party app. The vulnerability allows local apps to access sensitive functionality that is generally restricted to pre-installed apps, such as programmatically performing the following actions: granting arbitrary permissions (which can be used to obtain sensitive user data), installing arbitrary apps, video recording the screen, wiping the device (removing the user's apps and data), injecting arbitrary input events, calling emergency phone numbers, disabling apps, accessing notifications, and much more. The software build fingerprints for each confirmed vulnerable device are as follows: BLU View 2 (BLU/B131DL/B130DL:11/RP1A.200720.011/1672046950:user/release-keys, BLU/B131DL/B130DL:11/RP1A.200720.011/1663816427:user/release-keys, BLU/B131DL/B130DL:11/RP1A.200720.011/1656476696:user/release-keys, BLU/B131DL/B130DL:11/RP1A.200720.011/1647856638:user/release-keys) and Sharp Rouvo V (SHARP/VZW_STTM21VAPP/STTM21VAPP:12/SP1A.210812.016/1KN0_0_460:user/release-keys and SHARP/VZW_STTM21VAPP/STTM21VAPP:12/SP1A.210812.016/1KN0_0_530:user/release-keys). This malicious app starts an exported activity named com.evenwell.fqc/.activity.ClickTest, crashes the com.evenwell.fqc app by sending an empty Intent (i.e., having not extras) to the com.evenwell.fqc/.FQCBroadcastReceiver receiver component, and then it sends command arbitrary shell commands to the com.evenwell.fqc/.FQCService service component which executes them with "system" privileges.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-38290"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1263"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-04-22T15:15:46Z",
    "severity": "HIGH"
  },
  "details": "Certain software builds for the BLU View 2 and Sharp Rouvo V Android devices contain a vulnerable pre-installed app with a package name of com.evenwell.fqc (versionCode=\u00279020801\u0027, versionName=\u00279.0208.01\u0027 ; versionCode=\u00279020913\u0027, versionName=\u00279.0209.13\u0027 ; versionCode=\u00279021203\u0027, versionName=\u00279.0212.03\u0027) that allows local third-party apps to execute arbitrary shell commands in its context (system user) due to inadequate access control. No permissions or special privileges are necessary to exploit the vulnerability in the com.evenwell.fqc app. No user interaction is required beyond installing and running a third-party app. The vulnerability allows local apps to access sensitive functionality that is generally restricted to pre-installed apps, such as programmatically performing the following actions: granting arbitrary permissions (which can be used to obtain sensitive user data), installing arbitrary apps, video recording the screen, wiping the device (removing the user\u0027s apps and data), injecting arbitrary input events, calling emergency phone numbers, disabling apps, accessing notifications, and much more. The software build fingerprints for each confirmed vulnerable device are as follows: BLU View 2 (BLU/B131DL/B130DL:11/RP1A.200720.011/1672046950:user/release-keys, BLU/B131DL/B130DL:11/RP1A.200720.011/1663816427:user/release-keys, BLU/B131DL/B130DL:11/RP1A.200720.011/1656476696:user/release-keys, BLU/B131DL/B130DL:11/RP1A.200720.011/1647856638:user/release-keys) and Sharp Rouvo V (SHARP/VZW_STTM21VAPP/STTM21VAPP:12/SP1A.210812.016/1KN0_0_460:user/release-keys and SHARP/VZW_STTM21VAPP/STTM21VAPP:12/SP1A.210812.016/1KN0_0_530:user/release-keys). This malicious app starts an exported activity named com.evenwell.fqc/.activity.ClickTest, crashes the com.evenwell.fqc app by sending an empty Intent (i.e., having not extras) to the com.evenwell.fqc/.FQCBroadcastReceiver receiver component, and then it sends command arbitrary shell commands to the com.evenwell.fqc/.FQCService service component which executes them with \"system\" privileges.",
  "id": "GHSA-pwg9-cppx-6xf2",
  "modified": "2024-07-03T18:36:24Z",
  "published": "2024-04-22T15:30:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38290"
    },
    {
      "type": "WEB",
      "url": "https://media.defcon.org/DEF%20CON%2031/DEF%20CON%2031%20presentations/Ryan%20Johnson%20Mohamed%20Elsabagh%20Angelos%20Stavrou%20-%20Still%20Vulnerable%20Out%20of%20the%20Box%20Revisiting%20the%20Security%20of%20Prepaid%20Android%20Carrier%20Devices.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design

Specific protection requirements depend strongly on contextual factors including the level of acceptable risk associated with compromise to the product's protection mechanism. Designers could incorporate anti-tampering measures that protect against or detect when the product has been tampered with.

Mitigation
Testing

The testing phase of the lifecycle should establish a method for determining whether the protection mechanism is sufficient to prevent unauthorized access.

Mitigation
Manufacturing

Ensure that all protection mechanisms are fully activated at the time of manufacturing and distribution.

CAPEC-401: Physically Hacking Hardware

An adversary exploits a weakness in access control to gain access to currently installed hardware and precedes to implement changes or secretly replace a hardware component which undermines the system's integrity for the purpose of carrying out an attack.