Vulnerability CVE-2022-30330


Published: 2022-05-07

Description:
In the KeepKey firmware before 7.3.2, the bootloader can be exploited in unusual situations in which the attacker has physical access, convinces the victim to install malicious firmware, or knows the victim's seed phrase. lib/board/supervise.c mishandles svhandler_flash_* address range checks. If exploited, any installed malware could persist even after wiping the device and resetting the firmware.

References:
https://github.com/keepkey/keepkey-firmware/releases/tag/v7.3.2
https://github.com/keepkey/keepkey-firmware/commit/447c1f038a31378ab9589965c098467d9ea6cccc

Copyright 2026, cxsecurity.com

 
