CVEbaza.plCWE DictionaryCWE-1328
Common Weakness Enumeration

CWE-1328

Security Version Number Mutable to Older Versions

Category: BaseCVE: 5
Description

Security-version number in hardware is mutable, resulting in the ability to downgrade (roll-back) the boot firmware to vulnerable code versions.

CVE vulnerabilities with CWE-1328 (5)
7.5
CVSS
HIGH
CVE-2025-5825

Autel MaxiCharger AC Wallbox Commercial Firmware Downgrade Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Autel MaxiCharger AC Wallbox Commercial charging stations. An attacker must first obtain the ability to pair a malicious Bluetooth device with the target system in order to exploit this vulnerability. The specific flaw exists within the firmware update process. The issue results from the lack of proper validation of a firmware image before using it to perform an upgrade. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the device. Was ZDI-CAN-26354.

pub. 2025-06-25
6.8
CVSS
MEDIUM
CVE-2025-8321

Tesla Wall Connector Firmware Downgrade Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Tesla Wall Connector devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the firmware upgrade feature. The issue results from the lack of an anti-downgrade mechanism. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the device. Was ZDI-CAN-26299.

pub. 2025-07-30
4.3
CVSS
MEDIUM
CVE-2023-50738

A new feature to prevent Firmware downgrades was recently added to some Lexmark products. A method to override this downgrade protection has been identified.

pub. 2025-01-17
3.1
CVSS
LOW
CVE-2025-29989

Dell Client Platform BIOS contains a Security Version Number Mutable to Older Versions vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to BIOS upgrade denial.

pub. 2025-04-10
1.8
CVSS
LOW
CVE-2024-13870

An improper access control vulnerability exists in Bitdefender Box 1 (firmware version 1.3.52.928 and below) that allows an unauthenticated attacker to downgrade the device's firmware to an older, potentially vulnerable version of a Bitdefender-signed firmware. The attack requires Bitdefender BOX to be booted in Recovery Mode and that the attacker be present within the WiFi range of the BOX unit.

pub. 2025-03-12
Information
ID: CWE-1328
Type: Base
Vulnerabilities: 5
MITRE CWE ↗
← CWE Dictionary