Vulnerability Description
The CleverDisplay BlueOne hardware player is designed with its USB interfaces physically enclosed and inaccessible under normal operating conditions. Researchers demonstrated that, after cicumventing the device’s protective enclosure, it was possible to connect a USB keyboard and press ESC during boot to access the BIOS setup interface. BIOS settings could be viewed but not modified. This behavior slightly increases the attack surface by exposing internal system information (CWE-1244) once the enclosure is removed, but does not allow integrity or availability compromise under standard or tested configurations.
Related Weaknesses (CWE)
References
FAQ
What is CVE-2025-36755?
CVE-2025-36755 is a documented vulnerability. The CleverDisplay BlueOne hardware player is designed with its USB interfaces physically enclosed and inaccessible under normal operating conditions. Researchers demonstrated that, after cicumventing ...
How severe is CVE-2025-36755?
CVSS scoring is not yet available for CVE-2025-36755. Check NVD for updates.
Is there a patch for CVE-2025-36755?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.