Semtech LR11xx LoRa Transceivers Secure Boot Vulnerability Allowing Unauthorized Firmware Installation

Vulnerability

A vulnerability exists in the Semtech LR11xx LoRa transceivers due to the use of a non-standard cryptographic hashing algorithm in the secure boot process. This algorithm is susceptible to second preimage attacks, allowing an attacker with physical access to the device to create a malicious firmware image that collides with the hash of a legitimate one. By exploiting this flaw, the attacker can bypass the secure boot verification and install unauthorized firmware on the device.

Impact

Exploitation of this vulnerability allows for the installation of arbitrary, unauthorized firmware on the affected device, potentially leading to unauthorized control or functionality.

Added: Apr 7, 2026, 10:32 PM

Updated: Apr 7, 2026, 10:32 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

3.3

remediation

0.0

relevance

5.4

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

3.3

remediation

0.0

relevance

5.4

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Semtech LR11xx LoRa Transceivers Secure Boot Vulnerability Allowing Unauthorized Firmware Installation

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating