CWE-1277: Firmware Not Updateable
CWE版本: 4.18
更新日期: 2025-09-09
弱点描述
The product does not provide its users with the ability to update or patch its firmware to address any vulnerabilities or weaknesses that may be present.
扩展描述
Without the ability to patch or update firmware, consumers will be left vulnerable to exploitation of any known vulnerabilities, or any vulnerabilities that are discovered in the future. This can expose consumers to permanent risk throughout the entire lifetime of the device, which could be years or decades. Some external protective measures and mitigations might be employed to aid in preventing or reducing the risk of malicious attack, but the root weakness cannot be corrected.
常见后果
影响范围: Confidentiality Integrity Access Control Authentication Authorization
技术影响: Gain Privileges or Assume Identity Bypass Protection Mechanism Execute Unauthorized Code or Commands DoS: Crash, Exit, or Restart
说明: If an attacker can identify an exploitable vulnerability in one device that has no means of patching, the attack may be used against an entire class of devices.
潜在缓解措施
阶段: Requirements
描述: Specify requirements to include the ability to update the firmware. Include integrity checks and authentication to ensure that untrusted firmware cannot be installed.
阶段: Architecture and Design
描述: Design the device to allow for updating the firmware. Ensure that the design specifies how to distribute the updates and ensure their integrity and authentication.
阶段: Implementation
描述: Implement the necessary functionality to allow the firmware to be updated.
检测方法
方法: Manual Analysis
Create a new installable boot image of the current build with a minor version number change. Use the standard installation method to update the boot image. Verify that the minor version number has changed. Create a fake image. Verify that the boot updater will not install the fake image and generates an "invalid image" error message or equivalent.
有效性: High
方法: Architecture or Design Review
Check the consumer or maintainer documentation, the architecture/design documentation, or the original requirements to ensure that the documentation includes details for how to update the firmware.
有效性: Moderate
方法: Manual Dynamic Analysis
Determine if there is a lack of a capability to update read-only memory (ROM) structure. This could manifest as a difference between the latest firmware version and the current version within the device.
有效性: High
观察示例
参考: CVE-2020-9054
Chain: network-attached storage (NAS) device has a critical OS command injection (CWE-78) vulnerability that is actively exploited to place IoT devices into a botnet, but some products are "end-of-support" and cannot be patched (CWE-1277). [REF-1097]
参考: [REF-1095]
A hardware "smart lock" has weak key generation that allows attackers to steal the key by BLE sniffing, but the device's firmware cannot be upgraded and hence remains vulnerable [REF-1095].
引入模式
| 阶段 | 说明 |
|---|---|
| Requirements | Requirements development might not consider the importance of updates over the lifetime of the product, or might not choose the ability due to concerns such as expense or speed to market. |
| Architecture and Design | Lack of planning during architecture development and design, or external pressures such as speed to market, could ignore the capability to update. |
| Implementation | The weakness can appear through oversight during implementation. |