CVEs-PoC/2017/CVE-2017-18347.md

### [CVE-2017-18347](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18347)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brightgreen)

### Description

Incorrect access control in RDP Level 1 on STMicroelectronics STM32F0 series devices allows physically present attackers to extract the device's protected firmware via a special sequence of Serial Wire Debug (SWD) commands because there is a race condition between full initialization of the SWD interface and the setup of flash protection.

### POC

#### Reference
- https://community.st.com/s/question/0D50X00009Xke7aSAB/readout-protection-cracked-on-stm32
- https://www.aisec.fraunhofer.de/en/FirmwareProtection.html

#### Github
No PoCs found on GitHub currently.