A
s UART download mode is still enabled on the ESP32 chip on which the firmware runs, an adversary can dump the flash from the device and retrieve sensitive information such as details about the current and previous Wi-Fi network from the NVS partition. Additionally, this allows the adversary to reflash the device with their own firmware which may contain malicious modifications.
References
| Link | Resource |
|---|---|
| https://gist.github.com/dead1nfluence/4dffc239b4a460f41a03345fd8e5feb5#file-uart-download-mode-enabled-md | Third Party Advisory |
| https://github.com/dead1nfluence/Meatmeet-Pro-Vulnerabilities/blob/main/Device/UART-Download-Mode-Enabled.md | Third Party Advisory |
Configurations
Configuration 1 (hide)
| AND |
|
History
21 Jan 2026, 19:09
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:h:meatmeet:meatmeet_pro_wifi_\&_bluetooth_meat_thermometer:-:*:*:*:*:*:*:* cpe:2.3:o:meatmeet:meatmeet_pro_wifi_\&_bluetooth_meat_thermometer_firmware:1.0.34.4:*:*:*:*:*:*:* |
|
| First Time |
Meatmeet meatmeet Pro Wifi \& Bluetooth Meat Thermometer
Meatmeet Meatmeet meatmeet Pro Wifi \& Bluetooth Meat Thermometer Firmware |
|
| References | () https://gist.github.com/dead1nfluence/4dffc239b4a460f41a03345fd8e5feb5#file-uart-download-mode-enabled-md - Third Party Advisory | |
| References | () https://github.com/dead1nfluence/Meatmeet-Pro-Vulnerabilities/blob/main/Device/UART-Download-Mode-Enabled.md - Third Party Advisory |
12 Dec 2025, 15:18
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2025-12-10 21:16
Updated : 2026-01-21 19:09
NVD link : CVE-2025-65821
Mitre link : CVE-2025-65821
CVE.ORG link : CVE-2025-65821
JSON object : View
Products Affected
CWE
CWE-1191
On-Chip Debug and Test Interface With Improper Access Control