Cyber Resilience

CVE-2022-29948

MediumPublic PoC

Published: 10 June 2022

Published
10 June 2022
Modified
21 November 2024
KEV Added
Patch
CVSS Score v3.1 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score 0.0067 71.8th percentile
Risk Priority 10 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2022-29948 is a medium-severity an unspecified weakness vulnerability in Lepin Ep-Kp001 Project Lepinep-Kp001 Firmware. Its CVSS base score is 4.6 (Medium).

Operationally, ranked in the top 28.2% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

EU & UK References

Vulnerability details

Due to an insecure design, the Lepin EP-KP001 flash drive through KP001_V19 is vulnerable to an authentication bypass attack that enables an attacker to gain access to the stored encrypted data. Normally, the encrypted disk partition with this data is…

more

unlocked by entering the correct passcode (6 to 14 digits) via the keypad and pressing the Unlock button. This authentication is performed by an unknown microcontroller. By replacing this microcontroller on a target device with one from an attacker-controlled Lepin EP-KP001 whose passcode is known, it is possible to successfully unlock the target device and read the stored data in cleartext.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

lepin ep-kp001 project
lepinep-kp001 firmware
≤ kp001_v19

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References