CWE-1242: Inclusion of Undocumented Features or Chicken Bits
The device includes chicken bits or undocumented features that can create entry points for unauthorized actors.
Last updated
Overview
A common design practice is to use undocumented bits on a device that can be used to disable certain functional security features. These bits are commonly referred to as "chicken bits". They can facilitate quick identification and isolation of faulty components, features that negatively affect performance, or features that do not provide the required controllability for debug and test. Another way to achieve this is through implementation of undocumented features.
Real-world CVEs
13 recorded CVEs are caused by CWE-1242 (Inclusion of Undocumented Features or Chicken Bits). The highest-severity and most recent are shown first. 4 new CWE-1242 CVEs have been recorded so far in 2026 (5 in 2025).
- CVE-2025-12176
Undocumented Administrative Accounts
Critical · CVSS 10.0 · EPSS 23th2025-10-24 - CVE-2025-55050Critical · CVSS 9.8 · EPSS 24th2025-09-09
- CVE-2017-20204
DBLTek GoIP Telnet Admin Interface Undocumented Backdoor
Critical · CVSS 9.3 · EPSS 54th2025-10-15 - CVE-2023-3634
Festo: MSE6-C2M/D2M/E2M Incomplete User Documentation of Remote Accessible Functions
High · CVSS 8.8 · EPSS 40th2026-04-16 - CVE-2026-24714High · CVSS 8.7 · EPSS 14th2026-01-30
- CVE-2025-41756
Arbitrary Write with ubr-editfile
High · CVSS 8.1 · EPSS 25th2026-03-09 - CVE-2025-22450High · CVSS 7.5 · EPSS 29th2025-01-22
- CVE-2024-52564High · CVSS 7.5 · EPSS 44th2024-12-05
- CVE-2024-54457High · CVSS 7.2 · EPSS 33th2024-12-18
- CVE-2025-52548
Enabling SSH and Shellinabox on the vulnerable machine
Medium · CVSS 6.9 · EPSS 25th2025-09-02 - CVE-2025-41754
Arbitrary Read with ubr-editfile
Medium · CVSS 6.5 · EPSS 26th2026-03-09 - CVE-2024-7011Medium · CVSS 6.5 · EPSS 24th2024-09-27
Showing 12 of 13 recorded CWE-1242 CVEs. Track new ones as they are published and get AI-written analysis and fixes.
Monitor CWE-1242 vulnerabilitiesCommon consequences
What can happen when CWE-1242 is exploited.
Modify Memory, Read Memory, Execute Unauthorized Code or Commands, Gain Privileges or Assume Identity, Bypass Protection Mechanism
Affects: Confidentiality, Integrity, Availability, Access Control
An attacker might exploit these interfaces for unauthorized access.
How it happens
When it is introduced
Typically introduced during these phases of the software lifecycle.
Applies to
Technologies
How to prevent it
Practical mitigations for CWE-1242, grouped by where in the lifecycle they apply.
The implementation of chicken bits in a released product is highly discouraged. If implemented at all, ensure that they are disabled in production devices. All interfaces to a device should be documented.
Effectiveness: High
Code examples
Illustrative examples from MITRE showing how the weakness appears in code.
Consider a device that comes with various security measures, such as secure boot. The secure-boot process performs firmware-integrity verification at boot time, and this code is stored in a separate SPI-flash device. However, this code contains undocumented "special access features" intended to be used only for performing failure analysis and intended to only be unlocked by the device designer.
Vulnerable example
Attackers dump the code from the device and then perform reverse engineering to analyze the code. The undocumented, special-access features are identified, and attackers can activate them by sending specific commands via UART before secure-boot phase completes. Using these hidden features, attackers can perform reads and writes to memory via the UART interface. At runtime, the attackers can also execute arbitrary code and dump the entire memory contents.Remove all chicken bits and hidden features that are exposed to attackers. Add authorization schemes that rely on cryptographic primitives to access any features that the manufacturer does not want to expose. Clearly document all interfaces.
Terminology & mappings
Mapped taxonomies
- ISA/IEC 62443: Req SD-4 (Part 4-1)
- ISA/IEC 62443: Req SVV-3 (Part 4-1)
- ISA/IEC 62443: Req CR 2.12 (Part 4-2)
Attack patterns
CAPEC attack patterns that exploit this weakness.
Frequently asked questions
Common questions about CWE-1242.
- What is CWE-1242?
- The device includes chicken bits or undocumented features that can create entry points for unauthorized actors.
- What CVEs are caused by CWE-1242?
- 13 recorded CVEs are attributed to CWE-1242, including CVE-2025-12176, CVE-2025-55050, CVE-2017-20204.
- How do you prevent CWE-1242?
- The implementation of chicken bits in a released product is highly discouraged. If implemented at all, ensure that they are disabled in production devices. All interfaces to a device should be documented.
- What are the consequences of CWE-1242?
- Exploiting CWE-1242 can lead to: Modify Memory, Read Memory, Execute Unauthorized Code or Commands, Gain Privileges or Assume Identity, Bypass Protection Mechanism.
- Is CWE-1242 actively exploited?
- 13 recorded CVEs are caused by CWE-1242; none are currently in CISA's KEV catalog of actively exploited flaws.
References
- MITRE CWE definition (CWE-1242) (opens in a new tab)
- CWE-1242 vulnerabilities on NVD (opens in a new tab)
- Learn: What is a CWE?
Weakness data is sourced from the MITRE CWE catalog (v4.20). CVE associations are aggregated and kept current by RadicalNotion.AI.
Stay ahead of CWE-1242
Get alerted the moment a new CWE-1242 vulnerability affects your stack, with AI-written analysis, severity context, and remediation guidance.