CVEReports
CVEReports

Automated vulnerability intelligence platform. Comprehensive reports for high-severity CVEs generated by AI.

Product

  • Home
  • Sitemap
  • RSS Feed

Company

  • About
  • Contact
  • Privacy Policy
  • Terms of Service

© 2026 CVEReports. All rights reserved.

Made with love by Amit Schendel & Alon Barad



CVE-2020-27211

Voltage Glitching the Nordic nRF52: How a Zap Resurrected the Debugger

Amit Schendel
Amit Schendel
Senior Security Researcher

Feb 2, 2026·7 min read·57 visits

Executive Summary (TL;DR)

The nRF52840's hardware readback protection (APPROTECT) can be bypassed by momentarily cutting power (glitching) during boot. This re-enables the debug interface on locked chips, exposing firmware and secrets.

A fundamental hardware vulnerability in Nordic Semiconductor nRF52840 chips allows attackers to bypass Readback Protection (APPROTECT) via voltage fault injection. By precisely glitching the power rail during the boot sequence, an attacker can prevent the chip from processing the 'lock' command, resurrecting the Serial Wire Debug (SWD) interface and allowing full firmware extraction.

The Hook: The Illusion of Silicon Safety

In the world of embedded systems, we rely on a specific contract with the hardware manufacturer: if we burn a specific bit in the configuration memory, the chip locks its doors. For Nordic Semiconductor's ubiquitous nRF52 series—powering everything from AirTags clones to FIDO2 security keys—this feature is called APPROTECT (Access Port Protection).

The promise is simple. You write 0x00 to the APPROTECT register in the User Information Configuration Registers (UICR), and the device disables the Serial Wire Debug (SWD) interface. No more J-Link. No more dumping flash. The firmware is sealed in amber, safe from prying eyes.

But here is the cynical reality of hardware security: logic is abstract, but silicon is physical. Logic says "If A is 0, Disable B." Physics says "If I starve the electrons powering the gate that checks A, maybe B stays enabled." CVE-2020-27211 isn't a buffer overflow; it's a reminder that digital security relies entirely on analog stability. And analog stability is remarkably easy to break with a $50 crowbar circuit.

The Flaw: A Race Against Physics

To understand the exploit, we have to look at how the nRF52 boots up. It doesn't just wake up knowing it's locked. It has to learn it's locked.

Here is the simplified boot choreography:

  1. Power On Reset (POR): The chip wakes up.
  2. Internal Housekeeping: Regulators stabilize, clocks start.
  3. Read Configuration: The hardware controller reads the UICR flash area to check settings like voltages and... protection status.
  4. Enforce Protection: If APPROTECT is enabled, the hardware sends a signal to the Debug Access Port (DAP) to sever the link.

See step 3 and 4? That is a temporal gap. There is a finite amount of time—nanoseconds—between the chip reading the "Lock" command and actually locking the door. The vulnerability is simply that the logic responsible for this check is sensitive to voltage fluctuations.

If we can induce a voltage glitch (a sharp drop in VDD) exactly when the internal logic is transferring the value 0x00 from the UICR to the protection controller, we can corrupt the data or the instruction. The controller reads 0xFF (or garbage), assumes protection is disabled (the default state), and leaves the SWD port wide open. It is effectively a race condition between the security logic and a power supply interruption.

The Code: Glitching the Loop

There is no C code to patch here initially, this is a hardware behavior. However, we can visualize the attack logic compared to the hardware state using a diagram. The attacker's code runs on an external FPGA or microcontroller (like a ChipWhisperer) controlling the glitch.

Here is the logic flow of the attack:

The "Code" involved is usually a Python script driving the glitching hardware. It looks something like this:

# Pseudo-code for the glitch loop
scope.glitch.repeat = 1
scope.glitch.width = 100 # ~200ns pulse
 
for offset in range(1000, 5000): # Scan timing offsets
    target.reset()
    scope.glitch.ext_offset = offset
    scope.arm()
    
    # The magic happens here: VDD drops to 0V for 200ns
    # ideally hitting the exact clock cycle of the UICR read.
    
    try:
        # Try to resurrect the debugger
        if target.connect_swd():
            print(f"BOOM! Unlocked at offset {offset}")
            target.dump_flash("firmware.bin")
            break
    except Exception:
        pass # Reset and try again

The target code (the firmware on the nRF52) doesn't even know it's being attacked. It thinks it just had a slightly rough morning booting up.

The Exploit: Bypassing the bouncer

Let's get our hands dirty. How does a researcher actually pull this off? This was brilliantly demonstrated by LimitedResults and later Fraunhofer AISEC.

Phase 1: Board Preparation Voltage glitching requires sharp edges. If the target board has massive decoupling capacitors (which good engineers add to prevent voltage drops), the glitch will be smoothed out into a gentle wave. The attacker must desolder the capacitors on the DEC4 or VDD lines. This makes the chip power-unstable, which is exactly what we want.

Phase 2: The Setup We connect a glitcher (like a ChipWhisperer or a simple MOSFET crowbar circuit) to the voltage rail. We trigger the glitch based on the rising edge of the RESET line.

Phase 3: The Campaign The attack is statistical. We don't know the exact nanosecond delay required. We script the glitcher to delay 100ns after reset, glitch, check SWD. Then reset, delay 101ns, glitch, check SWD.

Eventually, we hit the "Goldilocks zone." The voltage drops low enough to corrupt the logic state but not low enough to trigger a Brown-out Reset (BOR) or crash the CPU entirely. When this hits, the SWD interface, which was supposed to be dead, suddenly responds to a DPIDR read request. The device is unlocked. We can now read out the entire flash memory, including AES keys, Bluetooth mesh secrets, and intellectual property.

The Impact: Debug Resurrection

Why is this terrifying? Because it breaks the "Hardware Root of Trust" assumption.

FIDO2 Keys: Many open-source security tokens (like earlier versions of SoloKeys) used the nRF52840. An attacker who steals your physical key could use this method to dump the flash, extract the private keys, and clone your 2FA token.

IoT Secrets: Smart locks, medical devices, and sensor nodes often store global encryption keys in flash. Extracting one key from one stolen device could allow an attacker to decrypt traffic for the entire fleet.

IP Theft: For vendors, this means your compiled firmware—your secret sauce—is readable. Reverse engineering becomes trivial when you have the binary.

Crucially, this vulnerability is unpatchable in software for existing silicon. The flaw is in the hardware bootrom/logic sequence. You cannot OTA (Over-The-Air) update the physics of the silicon die.

The Fix: Hardware Revision & Software Band-aids

Nordic Semiconductor responded with Informational Notice IN-133. The remediation falls into two buckets: "Buy new chips" and "Harden the software."

1. The Real Fix (Hardware) Nordic released a new silicon revision (Revision 3). This hardware logic was altered to be resilient against this specific glitch vector. If you are building a new product, you check the laser markings on the chip. If it's old stock, it's vulnerable.

2. The Software Workaround (Legacy) For devices already in the field or old stock, Nordic introduced a concept called Secure APPROTECT.

Instead of relying solely on the hardware UICR bit, the firmware itself (in the bootloader) checks if the device should be locked. If it detects the debug port is open but shouldn't be, it executes a loop to disable it or shutdown.

> [!NOTE] > Cynic's Note: This software fix moves the goalposts but doesn't remove them. If the firmware is checking the lock state... we can just glitch the firmware instruction that does the checking. It turns a "Single Glitch" attack into a "Double Glitch" attack (one to bypass hardware lock, one to bypass software check). It raises the bar, but it doesn't close the bar.

Official Patches

Nordic SemiconductorInformational Notice IN-133: nRF52 Series APPROTECT Bypass

Technical Appendix

CVSS Score
5.7/ 10
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Probability
0.08%
Top 77% most exploited

Affected Systems

Nordic Semiconductor nRF52840Nordic Semiconductor nRF52832Nordic Semiconductor nRF52810Devices utilizing nRF52 for FIDO2 (SoloKeys, etc.)Consumer IoT devices utilizing nRF52 BLE SoCs

Affected Versions Detail

Product
Affected Versions
Fixed Version
nRF52840
Nordic Semiconductor
Revision 1 and 2 (Build codes < QxAx)Revision 3
nRF52832
Nordic Semiconductor
Revision 1 and 2Revision 3
AttributeDetail
Attack VectorPhysical (Fault Injection)
CVSS v3.15.7 (Medium)
WeaknessCWE-1247: Improper Protection Against Voltage Fault Injection
ImpactFirmware Dump / Secret Exfiltration
RequirementPhysical Access + Oscilloscope/Glitcher
StatusPatched in Silicon Rev 3

MITRE ATT&CK Mapping

T1589Gather Victim Identity Information
Reconnaissance
T1200Hardware Additions
Initial Access
T1601Modify System Image
Defense Evasion
CWE-1247
Improper Protection Against Voltage Fault Injection

The device does not utilize sufficient protection mechanisms to prevent a physical fault injection attack (such as voltage glitching) from bypassing security controls.

Known Exploits & Detection

LimitedResultsOriginal disclosure and step-by-step guide on voltage glitching the nRF52
Fraunhofer AISECAcademic paper detailing the attack against FIDO2 tokens using this CVE

Vulnerability Timeline

Vulnerability disclosed by LimitedResults
2020-06-01
Nordic Semiconductor releases IN-133 and Rev 3 Silicon
2020-10-01
CVE-2020-27211 Assigned
2021-05-21

References & Sources

  • [1]LimitedResults: nRF52 Debug Resurrection
  • [2]Fraunhofer AISEC Firmware Protection Research

Attack Flow Diagram

Press enter or space to select a node. You can then use the arrow keys to move the node around. Press delete to remove it and escape to cancel.
Press enter or space to select an edge. You can then press delete to remove it or escape to cancel.

More Reports

•36 minutes ago•CVE-2026-35338
7.3

CVE-2026-35338: Path Validation Bypass in uutils/coreutils chmod --preserve-root Option

A path validation bypass vulnerability exists in the chmod utility of uutils/coreutils before version 0.6.0. The '--preserve-root' safety mechanism relies on a literal string comparison, allowing local users to bypass root directory protection via unnormalized paths (such as '/../' or symbolic links) and recursively alter system-wide permissions.

Alon Barad
Alon Barad
2 views•6 min read
•about 1 hour ago•GHSA-7JVP-HJ45-2F2M
7.7

GHSA-7jvp-hj45-2f2m: Scriban Template Writes to Arbitrary CLR Properties via TypedObjectAccessor

An improper access control and mass assignment vulnerability in Scriban allows templates to write to arbitrary, restricted CLR properties (including private, internal, and init-only properties) of context-bound objects, causing unexpected state mutations on the host application heap.

Alon Barad
Alon Barad
2 views•6 min read
•about 2 hours ago•CVE-2022-46292
9.8

CVE-2022-46292: Heap-Based Out-of-Bounds Write in Open Babel MOPAC Parser

A critical heap-based out-of-bounds write vulnerability exists in Open Babel 3.1.1 and master commit 530dbfa3 within the parsing of Translation Vectors in the MOPAC output file format parser. By supplying a crafted MOPAC file containing more than three translation vector entries under the Unit Cell Translation block, an attacker can corrupt heap memory. This vulnerability can lead to arbitrary code execution or denial of service.

Alon Barad
Alon Barad
3 views•6 min read
•about 7 hours ago•CVE-2026-48276
10.0

CVE-2026-48276: Unrestricted File Upload in Adobe ColdFusion

Adobe ColdFusion versions 2025.9 and 2023.20 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability (CWE-434). An unauthenticated remote attacker can exploit this flaw to upload malicious ColdFusion Markup Language (CFML) files directly into web-accessible directories. Accessing the uploaded script triggers arbitrary code execution in the security context of the running service account.

Amit Schendel
Amit Schendel
15 views•6 min read
•about 11 hours ago•CVE-2026-46599
7.5

CVE-2026-46599: Unrestricted Memory Allocation in golang.org/x/image/tiff PackBits Decoder

CVE-2026-46599 (also identified by Go vulnerability alias GO-2026-5032) is a high-severity denial-of-service vulnerability in the Go image repository, specifically within the TIFF decoder's PackBits decompression engine. A lack of resource limits during the parsing of Run-Length Encoded PackBits streams allows an attacker to construct a crafted TIFF image that achieves significant decompression amplification. This flaw enables an unauthenticated remote attacker to exhaust system resources, leading to an Out-of-Memory crash or a prolonged application hang.

Alon Barad
Alon Barad
29 views•7 min read
•3 days ago•CVE-2026-54269
5.3

CVE-2026-54269: Runtime Property Shadowing and Denial of Service in protobufjs

A property shadowing vulnerability exists in protobufjs where schema-derived names can collide with and overwrite runtime-critical internal helper properties. This issue leads to uncaught runtime exceptions and crash-based Denial of Service.

Alon Barad
Alon Barad
11 views•6 min read