{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-12T16:17:14.461","vulnerabilities":[{"cve":{"id":"CVE-2024-30212","sourceIdentifier":"dc3f6da9-85b5-4a73-84a2-2ec90b40fca5","published":"2024-05-28T16:15:15.673","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"If a SCSI READ(10) command is initiated via USB using the largest LBA \n(0xFFFFFFFF) with it's default block size of 512 and a count of 1,\n\nthe first 512 byte of the 0x80000000 memory area is returned to the \nuser. If the block count is increased, the full RAM can be exposed.\n\nThe same method works to write to this memory area. If RAM contains \npointers, those can be - depending on the application - overwritten to\n\nreturn data from any other offset including Progam and Boot Flash."},{"lang":"es","value":"Si se inicia un comando SCSI READ(10) a través de USB utilizando el LBA más grande (0xFFFFFFFF) con su tamaño de bloque predeterminado de 512 y un recuento de 1, los primeros 512 bytes del área de memoria 0x80000000 se devuelven al usuario. Si se aumenta el número de bloques, toda la RAM puede quedar expuesta. El mismo método funciona para escribir en esta área de memoria. Si la RAM contiene punteros, estos se pueden sobrescribir, según la aplicación, para devolver datos de cualquier otro desplazamiento, incluidos Progam y Boot Flash."}],"metrics":{"cvssMetricV40":[{"source":"dc3f6da9-85b5-4a73-84a2-2ec90b40fca5","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.0,"baseSeverity":"HIGH","attackVector":"PHYSICAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"dc3f6da9-85b5-4a73-84a2-2ec90b40fca5","type":"Secondary","description":[{"lang":"en","value":"CWE-190"}]}],"references":[{"url":"https://github.com/Fehr-GmbH/blackleak","source":"dc3f6da9-85b5-4a73-84a2-2ec90b40fca5"},{"url":"https://github.com/Microchip-MPLAB-Harmony/core/blob/master/release_notes.md","source":"dc3f6da9-85b5-4a73-84a2-2ec90b40fca5"},{"url":"https://github.com/Microchip-MPLAB-Harmony/core/commit/d4608a4f1a140bd899cd4337cdbfb343a4339216","source":"dc3f6da9-85b5-4a73-84a2-2ec90b40fca5"},{"url":"https://github.com/Fehr-GmbH/blackleak","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://github.com/Microchip-MPLAB-Harmony/core/blob/master/release_notes.md","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://github.com/Microchip-MPLAB-Harmony/core/commit/d4608a4f1a140bd899cd4337cdbfb343a4339216","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}