| Vulnerability | Date Reported | Notes | Details |
|---|---|---|---|
| Missing confirmation screen in the ECDHSessionKey call | 2023-11-26 | Impact: Skipped confirm on TS3 Severity: Medium Fix: Firmware 2.6.4 for Trezor Safe 3 Reported By: Mathias Herberts |
GitHub |
| XSS in Trezor Connect legacy versions | 2023-02-07 | Impact: Possible phishing attack Severity: Medium Scalability: Remote (Interaction) Reported By: Jun Kokatsu |
GitHub |
| Insufficient field size check in Protobuf | 2021-07-12 | Impact: Theft of Funds Severity: Critical Scalability: Remote (Interaction) Fix: Firmware 1.10.3 Reported By: Stellar Development Foundation |
GitHub |
| Read Protection Downgrade Attack | - | Impact: Seed Exposure Scalability: Local invasive Reported By: Kraken |
GitHub |
| Monero unlock_time issue | 2020-02-01 | Impact: Destruction of Funds Severity: High Scalability: Remote (Interaction) Fix: Firmware 2.3.0 Reported By: Sebastian Kung |
GitHub |
| Possible large transaction fee via two Segwit transactions | 2020-03-03 | Impact: Destruction of Funds Severity: High Scalability: Remote (Interaction) Fix: Firmware 1.9.1 for Model One and 2.3.1 for Model T Reported By: Saleem Rashid |
GitHub |
| Malicious change in mixed transactions | 2020-03-07 | Impact: Theft of Funds Severity: Critical Scalability: Remote (Interaction) Fix: Firmware 2.3.0 Reported By: Saleem Rashid |
GitHub |
| Insufficient field size check in Protobuf | - | - | GitHub |
| Malicious change in mixed transactions | 2020-03-02 | Impact: Theft of Funds Severity: Critical Scalability: Remote (Interaction) Fix: Firmware 2.3.0 Reported By: Saleem Rashid |
GitHub |
| OP_RETURN treated as change output | 2020-03-02 | Impact: Theft of Funds Severity: Critical Scalability: Remote (Interaction) Fix: 1.9.0 + 2.3.0 Reported By: Saleem Rashid |
GitHub |
| Malicious change in mixed transactions | 2019-10-01 | Impact: Theft of Funds Severity: Critical Scalability: Remote (Interaction) Fix: Firmware 2.1.8 Reported By: Marko Bencun |
GitHub |
| Information leak via OLED display | 2019-04-08 | Impact: TBD Severity: TBD Scalability: Local (Non-invasive) Fix: Firmware 1.8.2 Reported By: Christian Reitter |
GitHub |
| Secret information leak via USB Descriptors | 2019-01-02 | Impact: Seed Exposure Severity: High Scalability: Local (Non-invasive) Fix: Firmware 1.8.0 for Model One and 2.1.0 for Model T Reported By: Colin O'Flynn |
GitHub |
| SRAM dump via glitching the firmware update | 2018-12-27 | Impact: Seed Exposure Severity: Moderate Scalability: Local (Destructive) Fix: Firmware 1.8.0 Reported By: wallet.fail |
GitHub |
| Information leak via U2F | 2018-11-26 | Impact: TBD Severity: TBD Scalability: Remote (Unlocked) Fix: Firmware 1.7.2 Reported By: Christian Reitter Rashid |
GitHub |
| Side-channel analysis (SCA) of PIN comparison | 2018-10-31 | Impact: Theft of Funds Severity: Moderate Scalability: Local (Destructive) Fix: Firmware 1.8.0 Reported By: Charles Guillemet |
GitHub |
| Buffer overflow in bech32_decode/cash_decode | 2018-09-26 | Impact: Device freeze Severity: None Scalability: Remote (Interaction) Fix: Firmware 1.7.1 Reported By: Christian Reitter |
GitHub |
| MPU circumvention via SYSCFG registers | 2018-08-07 | Impact: - Severity: - Scalability: Supply Chain Fix: Firmware 1.6.3 Reported By: Sunny |
GitHub |
| Buffer overflow in message processing | 2018-05-25 | Impact: Seed Exposure Severity: High Scalability: Local (Non-invasive) Fix: Firmware 1.6.2 Reported By: Christian Reitter |
GitHub |
| Race condition in recovery | 2018-05-25 | Impact: Seed Exposure Severity: High Scalability: Local (Non-invasive) Fix: Firmware 1.6.2 Reported By: Christian Reitter |
GitHub |
| STM32F205 write-protection issue | 2018-02-12 | Impact: - Severity: - Scalability: Supply Chain Fix: Firmware 1.6.1 Reported By: Saleem Rashid |
GitHub |
| Note on fixing SRAM memory access | - | - | GitHub |
| Note on theoretical fault attack vector (2017 DEFCON talk) | - | - | GitHub |
| Secret leak via SRAM residue | 2017-08-01 | Impact: Seed Exposure Severity: Moderate Scalability: Local (Destructive) Fix: Firmware 1.5.2 Reported By: Sunny |
GitHub |
| Possible key extraction with oscilloscope | 2015-03-26 | Impact: Key Exposure Severity: High Scalability: Local (Non-invasive) Fix: Firmware 1.3.3 Reported By: Jochen Hoenicke |
GitHub |
| Malicious change in mixed transactions | 2015-02-23 | Impact: Theft of Funds Severity: Critical Scalability: Remote (Interaction) Fix: Firmware 1.3.1 Reported By: Nicolas Bacca |
GitHub |
| Malicious ScriptSig in signed transaction | 2014-07-30 | Impact: Seed Exposure Severity: Critical Scalability: Remote (Interaction) Fix: Firmware 1.2.0 Reported By: Nicolas Bacca |
GitHub |
| XSS in Trezor Connect | - | - | GitHub |
| CSRF issues in Dropbox integration | - | - | GitHub |
| Missing path isolation check | 2018-03-01 | Impact: Theft of Funds Severity: Critical Scalability: Remote (Interaction) Fix: Firmware 1.9.2 Reported By: Yura Pakhuchiy |
GitHub |