CVE-2021-38394
6.2 MEDIUMAn attacker with physical access to the device can extract the binary that checks for the hardware key and reverse engineer it, which cou...
Published: 2021-10-04 · Last updated: 2026-06-17
Severity and scoring
- CVSS
- 6.2 MEDIUM
- Vector
- CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:L
- CWE
- CWE-1278
Affected products
| Vendor | Product |
|---|---|
| bostonscientific | zoom_latitude_pogrammer\/recorder\/monitor_3120_firmware |
Description
An attacker with physical access to the device can extract the binary that checks for the hardware key and reverse engineer it, which could be used to create a physical duplicate of a valid hardware key. The hardware key allows access to special settings when inserted.
Source: NVD
References
Related CVEs
Same vendor
- CVE-2021-38400 — An attacker with physical access to Boston Scientific Zoom Latitude Model 3120 can remove the hard disk drive or create a specially craft... (6.9 MEDIUM)
- CVE-2021-38398 — The affected device uses off-the-shelf software components that contain unpatched vulnerabilities (6.5 MEDIUM)
- CVE-2021-38396 — The programmer installation utility does not perform a cryptographic authenticity or integrity checks of the software on the flash drive (6.5 MEDIUM)
- CVE-2021-38392 — A skilled attacker with physical access to the affected device can gain access to the hard disk drive of the device to change the telemet... (6.5 MEDIUM)