CVE-2025-36755
Dec. 12, 2025, 3:17 p.m.
2.4
Low
Description
The CleverDisplay BlueOne hardware player is designed with its USB interfaces physically enclosed and inaccessible under normal operating conditions. Researchers demonstrated that, after cicumventing the device’s protective enclosure, it was possible to connect a USB keyboard and press ESC during boot to access the BIOS setup interface. BIOS settings could be viewed but not modified. This behavior slightly increases the attack surface by exposing internal system information (CWE-1244) once the enclosure is removed, but does not allow integrity or availability compromise under standard or tested configurations.
Product(s) Impacted
| Product | Versions |
|---|
Weaknesses
Common security weaknesses mapped to this vulnerability.
CWE-1191
On-Chip Debug and Test Interface With Improper Access Control
The chip does not implement or does not correctly perform access control to check whether users are authorized to access internal registers and test modes through the physical debug/test interface.
Tags
CVSS Score
CVSS Data - 4.0
- Attack Vector: PHYSICAL
- Attack Complexity: LOW
- Attack Requirements: NONE
- Privileges Required: NONE
- User Interaction: NONE
- Scope:
- Confidentiality Impact: LOW
- Integrity Impact: NONE
- Availability Impact: NONE
- Exploit Maturity: NOT_DEFINED
CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:X/V:D/RE:L/U:Green
Timeline
Published: Dec. 12, 2025, 3:15 p.m.
Last Modified: Dec. 12, 2025, 3:17 p.m.
Last Modified: Dec. 12, 2025, 3:17 p.m.
Status : Awaiting Analysis
CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.
More infoSource
csirt@divd.nl
*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.