Donjon's Trezor Safe 3 evaluation

Reportada en November 12, 2024

Ledger Donjon evaluated our Trezor Safe Family and successfully reused a previously known attack to demonstrate how some countermeasures against supply chain attacks in Trezor Safe 3 can be bypassed. Trezor Safe 5 is not affected because it uses a more recent microcontroller designed to be more resilient to similar attacks.

Reportada por Ledger Donjon

Post en nuestro blog

Trezor Safe 3

Vulnerabilidades solucionadas

Reportada por la comunidad. Investigada. Solucionada. Porque tu seguridad no es una opción.

Inability to cancel certain flows on pre-production firmware
31 de octubre de 2025
Missing confirmation in the ECDHSessionKey call
26 de noviembre de 2023
XSS in Trezor Connect legacy versions
7 de febrero de 2023
Insufficient field size check in Protobuf
12 de julio de 2021
XSS in Trezor Connect
3 de agosto de 2020
Missing path isolation check
14 de julio de 2020