NordicsemiCVEs & Vulnerabilities

6 CVEs affecting Nordicsemi products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.

Most Affected Products

nrf52840 firmware 2nrf52840 2nrf5 sdk for mesh 2android ble library 1nrf5340-dk 1dfu library 1nrf5340-dk firmware 1
CVE-2022-40480MEDIUM

Nordic Semiconductor, Microchip Technology NRF5340-DK DT100112 was discovered to contain an issue which allows attackers to cause a Denial of Service (DoS) via a crafted ConReq packet.

8 Feb 2023
6.5
CVSS
CVE-2022-35624HIGH

In Nordic nRF5 SDK for Mesh 5.0, a heap overflow vulnerability can be triggered by sending a series of segmented packets with SegO > SegN

15 Aug 2022
8.8
CVSS
CVE-2022-35623HIGH

In Nordic nRF5 SDK for Mesh 5.0, a heap overflow vulnerability can be triggered by sending a series of segmented control packets and access packets with the same SeqAuth

15 Aug 2022
8.8
CVSS
CVE-2020-27211MEDIUM

Nordic Semiconductor nRF52840 devices through 2020-10-19 have improper protection against physical side channels. The flash read-out protection (APPROTECT) can be bypassed by injecting a fault during the boot phase.

21 May 2021
5.7
CVSS
CVE-2021-29415MEDIUM

The elliptic curve cryptography (ECC) hardware accelerator, part of the ARM® TrustZone® CryptoCell 310, contained in the NordicSemiconductor nRF52840 through 2021-03-29 has a non-constant time ECDSA implemenation. This allows an adversary to recover the private ECC key used during an ECDSA operation.

21 May 2021
5.5
CVSS
CVE-2020-15509MEDIUM

Nordic Semiconductor Android BLE Library through 2.2.1 and DFU Library through 1.10.4 for Android (as used by nRF Connect and other applications) can engage in unencrypted communication while showing the user that the communication is purportedly encrypted. The problem is in bond creation (e.g., internalCreateBond in BleManagerHandler).

7 Jul 2020
6.5
CVSS
← PrevPage 1 / 1Next →