CWE-1191: On-Chip Debug and Test Interface With Improper Access Control
The chip does not implement or does not correctly perform access control to check whether users are authorized to access internal registers and test modes through the physical debug/test interface.
Last updated
Overview
A device's internal information may be accessed through a scan chain of interconnected internal registers, usually through a JTAG interface. The JTAG interface provides access to these registers in a serial fashion in the form of a scan chain for the purposes of debugging programs running on a device. Since almost all information contained within a device may be accessed over this interface, device manufacturers typically insert some form of authentication and authorization to prevent unintended use of this sensitive information. This mechanism is implemented in addition to on-chip protections that are already present. If authorization, authentication, or some other form of access control is not implemented or not implemented correctly, a user may be able to bypass on-chip protection mechanisms through the debug interface. Sometimes, designers choose not to expose the debug pins on the motherboard. Instead, they choose to hide these pins in the intermediate layers of the board. This is primarily done to work around the lack of debug authorization inside the chip. In such a scenario (without debug authorization), when the debug interface is exposed, chip internals are accessible to an attacker.
Real-world CVEs
20 recorded CVEs are caused by CWE-1191 (On-Chip Debug and Test Interface With Improper Access Control). The highest-severity and most recent are shown first. 2 new CWE-1191 CVEs have been recorded so far in 2026 (12 in 2025).
- CVE-2024-48970Critical · CVSS 9.3 · EPSS 12th2024-11-14
- CVE-2025-52533High · CVSS 8.7 · EPSS 19th2026-02-12
- CVE-2025-9709
NRF52810 Runtime EM Fault Injection APPROTECT Bypass
High · CVSS 8.6 · EPSS 12th2025-09-05 - CVE-2024-41692High · CVSS 8.6 · EPSS 19th2024-07-26
- CVE-2025-65821High · CVSS 7.5 · EPSS 24th2025-12-10
- CVE-2023-32666High · CVSS 7.2 · EPSS 5th2024-03-14
- CVE-2025-65822Medium · CVSS 6.8 · EPSS 8th2025-12-10
- CVE-2025-47819Medium · CVSS 6.8 · EPSS 12th2025-06-27
- CVE-2025-47822Medium · CVSS 6.8 · EPSS 11th2025-06-27
- CVE-2025-26409
Access to Bootloader and Shell Over Serial Interface
Medium · CVSS 6.8 · EPSS 25th2025-02-11 - CVE-2024-4231Medium · CVSS 6.8 · EPSS 43th2024-05-10
- CVE-2022-43096Medium · CVSS 6.8 · EPSS 42th2022-11-17
Showing 12 of 20 recorded CWE-1191 CVEs. Track new ones as they are published and get AI-written analysis and fixes.
Monitor CWE-1191 vulnerabilitiesCommon consequences
What can happen when CWE-1191 is exploited.
Read Application Data
Affects: Confidentiality
Read Memory
Affects: Confidentiality
Execute Unauthorized Code or Commands
Affects: Authorization
Modify Memory
Affects: Integrity
Modify Application Data
Affects: Integrity
Bypass Protection Mechanism
Affects: Access Control
How it happens
When it is introduced
Typically introduced during these phases of the software lifecycle.
How to prevent it
Practical mitigations for CWE-1191, grouped by where in the lifecycle they apply.
If feasible, the manufacturer should disable the JTAG interface or implement authentication and authorization for the JTAG interface. If authentication logic is added, it should be resistant to timing attacks. Security-sensitive data stored in registers, such as keys, etc. should be cleared when entering debug mode.
Effectiveness: High
How to detect it
Dynamic Analysis with Manual Results Interpretation
Authentication and authorization of debug and test interfaces should be part of the architecture and design review process. Withholding of private register documentation from the debug and test interface public specification ("Security by obscurity") should not be considered as sufficient security.
Dynamic Analysis with Manual Results Interpretation
Dynamic tests should be done in the pre-silicon and post-silicon stages to verify that the debug and test interfaces are not open by default.
Fuzzing
Tests that fuzz Debug and Test Interfaces should ensure that no access without appropriate authentication and authorization is possible.
Effectiveness: Moderate
Code examples
Illustrative examples from MITRE showing how the weakness appears in code.
A home, WiFi-router device implements a login prompt which prevents an unauthorized user from issuing any commands on the device until appropriate credentials are provided. The credentials are protected on the device and are checked for strength against attack.
JTAG is useful to chip and device manufacturers during design, testing, and production and is included in nearly every product. Without proper authentication and authorization, the interface may allow tampering with a product.
The following example code is a snippet from the JTAG wrapper module in the RISC-V debug module of the HACK@DAC'21 Openpiton SoC [REF-1355]. To make sure that the JTAG is accessed securely, the developers have included a primary authentication mechanism based on a password.
The example code below is taken from the JTAG access control mechanism of the HACK@DAC'21 buggy OpenPiton SoC [REF-1364]. Access to JTAG allows users to access sensitive information in the system. Hence, access to JTAG is controlled using cryptographic authentication of the users. In this example (see the vulnerable code source), the password checker uses HMAC-SHA256 for authentication. It takes a 512-bit secret message from the user, hashes it using HMAC, and compares its output with the expected output to determine the authenticity of the user.
Vulnerable example
Write: beginSafe example
Write: beginIllustrative examples
Real CVEs that MITRE cites as examples of this weakness.
- CVE-2019-18827 — chain: JTAG interface is not disabled (CWE-1191) during ROM code execution, introducing a race condition (CWE-362) to extract encryption keys
Attack patterns
CAPEC attack patterns that exploit this weakness.
Frequently asked questions
Common questions about CWE-1191.
- What is CWE-1191?
- The chip does not implement or does not correctly perform access control to check whether users are authorized to access internal registers and test modes through the physical debug/test interface.
- What CVEs are caused by CWE-1191?
- 20 recorded CVEs are attributed to CWE-1191, including CVE-2024-48970, CVE-2025-52533, CVE-2025-9709.
- How do you prevent CWE-1191?
- If feasible, the manufacturer should disable the JTAG interface or implement authentication and authorization for the JTAG interface. If authentication logic is added, it should be resistant to timing attacks. Security-sensitive data stored in registers, such as keys, etc. should be cleared when entering debug mode.
- How is CWE-1191 detected?
- Dynamic Analysis with Manual Results Interpretation: Authentication and authorization of debug and test interfaces should be part of the architecture and design review process. Withholding of private register documentation from the debug and test interface public specification ("Security by obscurity") should not be considered as sufficient security.
- What are the consequences of CWE-1191?
- Exploiting CWE-1191 can lead to: Read Application Data, Read Memory, Execute Unauthorized Code or Commands, Modify Memory, Modify Application Data, Bypass Protection Mechanism.
- Is CWE-1191 actively exploited?
- 20 recorded CVEs are caused by CWE-1191; none are currently in CISA's KEV catalog of actively exploited flaws.
References
- MITRE CWE definition (CWE-1191) (opens in a new tab)
- CWE-1191 vulnerabilities on NVD (opens in a new tab)
- Learn: What is a CWE?
Weakness data is sourced from the MITRE CWE catalog (v4.20). CVE associations are aggregated and kept current by RadicalNotion.AI.
Stay ahead of CWE-1191
Get alerted the moment a new CWE-1191 vulnerability affects your stack, with AI-written analysis, severity context, and remediation guidance.