u-boot bug that allows for u-boot shell and interrupt over UART
A flaw in the u-boot bootloader implementation on Google Chromecast devices allows interaction with the u-boot shell and interruption of the boot sequence through the UART interface without requiring authentication. The lack of required identity verification (CWE-306) means that anyone with physical or logical access to the UART interface can issue commands directly in the bootloader environment. This enables interference with the system startup process at a very low level.
An attacker can gain full control over the device boot process, potentially modifying or replacing firmware, bypassing secure boot mechanisms, and obtaining elevated privileges in the system — resulting in complete violation of confidentiality, integrity, and availability.
Apply patches available from the manufacturer according to references — Google Chromecast security bulletin from December 2023 (2023-12-01) available at: https://source.android.com/docs/security/bulletin/chromecast/2023-12-01
Google Chromecast Firmware on devices: Google Chromecast GA00439, Google Chromecast GA3A00403A14, Google Chromecast H2G2-42, Google Chromecast NC2-645B
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:HGoogle Chromecast Firmware
OSGoogle5.0Google Chromecast Ga00439
HWGooglewszystkie wersjeGoogle Chromecast Ga3a00403a14
HWGooglewszystkie wersjeGoogle Chromecast H2g2 42
HWGooglewszystkie wersjeGoogle Chromecast Nc2 645b
HWGooglewszystkie wersjeGoogle Chromecast Nc2 6a5
HWGooglewszystkie wersjeGoogle Chromecast Nc2 6a5 D
HWGooglewszystkie wersjeGoogle Chromecast Rux J42
HWGooglewszystkie wersje
Related vulnerabilities
Brak sprawdzania uprawnień w aplikacji KeyChainActivity na urządzeniach Google Chromecast
Privilege escalation poprzez podatność w U-Boot shell na Google Chromecast
Podatność U-Boot w Google Chromecast umożliwiająca trwałe wykonanie kodu
RCE w Google Chromecast — trwałe wykonanie kodu przez błąd BCB
The API service on Google Home and Chromecast devices before mid-July 2018 does not prevent DNS rebinding atta...