CVE-2024-53406 Information

Description

Espressif Esp idf v5.3.0 is vulnerable to Insecure Permissions resulting in Authentication bypass. In the reconnection phase the device reuses the session key from a previous connection session creating an opportunity for attackers to execute security bypass attacks.

Reference

https://github.com/espressif/esp-idf https://github.com/yangting111/BLE_TEST/blob/main/result/PoC/Esp/sk_reuse.md