CVE-2025-36755 (CNNVD-202512-2348)
中文标题:
CleverDisplay BlueOne 安全漏洞
英文标题:
CleverDisplay BlueOne unauthorized BIOS access through physical USB keyboard
漏洞描述
中文描述:
CleverDisplay BlueOne是荷兰CleverDisplay公司的一款工业控制的嵌入式硬件设备。 CleverDisplay BlueOne存在安全漏洞,该漏洞源于USB接口物理封闭不当,可能导致暴露内部系统信息。
英文描述:
The CleverDisplay BlueOne hardware player is designed with its USB interfaces physically enclosed and inaccessible under normal operating conditions. Researchers demonstrated that, after cicumventing the device’s protective enclosure, it was possible to connect a USB keyboard and press ESC during boot to access the BIOS setup interface. BIOS settings could be viewed but not modified. This behavior slightly increases the attack surface by exposing internal system information (CWE-1244) once the enclosure is removed, but does not allow integrity or availability compromise under standard or tested configurations.
CWE类型:
标签:
受影响产品
| 厂商 | 产品 | 版本 | 版本范围 | 平台 | CPE |
|---|---|---|---|---|---|
| CleverDisplay B.V. | BlueOne (CleverDisplay Hardware Player) | 12.11.1 | - | - |
cpe:2.3:a:cleverdisplay_b.v.:blueone_(cleverdisplay_hardware_player):12.11.1:*:*:*:*:*:*:*
|
解决方案
中文解决方案:
英文解决方案:
临时解决方案:
CVSS评分详情
4.0 (cna)
LOWCVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/S:N/AU:N/V:D/RE:L/U:Green
时间信息
利用信息
数据源详情
| 数据源 | 记录ID | 版本 | 提取时间 |
|---|---|---|---|
| CVE | cve_CVE-2025-36755 |
2025-12-15 03:58:24 | 2026-01-12 02:11:38 |
| NVD | nvd_CVE-2025-36755 |
2025-12-13 03:00:06 | 2026-01-12 02:27:41 |
| CNNVD | cnnvd_CNNVD-202512-2348 |
2026-01-11 06:15:05 | 2026-01-12 02:38:01 |
版本与语言
安全公告
变更历史
查看详细变更
- vulnerability_type: 未提取 -> 其他
- cnnvd_id: 未提取 -> CNNVD-202512-2348
- data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
查看详细变更
- data_sources: ['cve'] -> ['cve', 'nvd']