SBAA814 May 2026 CC2744R7-Q1, CC2745P10-Q1, CC2745R10-Q1, CC2745R7-Q1, CC2755P10, CC2755R10

 


Vulnerability

CVE ID

None

CVSS Score

7.6

CVSS Vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Affected Products

Device Part Number: CC2745R10-Q1, CC2745R7-Q1, CC2744R7-Q1, CC2745P10-Q1, CC2755R10, CC2755P10
Affected Version: Rev F and former

Potentially Impacted Features

Debug Authentication can be bypassed via a physical debug interface if both of the configurations below are enabled simultaneously:

  1. Debug Authentication Mode is enabled in CCFG
  2. Tools Client Mode is enabled in both CCFG and SCFG

Bypassing the debug authentication can affect the security of the application code and data stored in the device's memory. Note that this vulnerability cannot be exploited with remote or local wireless access. Refer to the CVSS vector above for further details.

As noted above, this vulnerability is not applicable and does not impact customer systems if customers have followed the guidance outlined in Section 10.1 and Section 9.1.5 of the CC27xx Technical Reference Manual.

Suggested Mitigations

Section 10.1 Guidelines for Securely Configuring Your Device of the CC27xx Technical Reference Manual instructs customers to disable xcfg.permissions.allowToolsClientMode (Section 10.1.4 Configure Device Permissions) prior to deployment to the field.

Tools Client Mode configuration is enabled by default in software examples provided by TI for development purposes. If Debug Authentication is enabled, the issue described above can be avoided by disabling the Tools Client Mode configuration. Following the recommendations in Section 10.1.4 on how to configure device permissions to disable Tools Client Mode prior to deployment to the field, and in Section 9.1.5 of the CC27xx Technical Reference Manual on how to establish the most secure configuration, prevents this vulnerability from occurring. The Tools Client Mode feature can be enabled during application development, as required, but disabling the feature is recommended for production devices before deployment to the field.

Tools Client Mode is disabled by writing CCFG_PERMISSION_FORBID in the ccfg.permissions.allowToolsClientMode field of the CCFG.

  • For SysConfig-enabled projects, the option SysConfig > Device Configuration > Secure Configuration Permissions > Allow Tools Client Mode must be deactivated.
  • For Zephyr projects, this configuration is controlled through Kconfig symbols set in the prj.conf file. The symbol CC27XX_ALLOW_TOOLS_CLIENT_MODE must be set to n.

Disabling only the Tools Client Mode in CCFG is sufficient because the most restrictive configuration between CCFG and SCFG — in this case the disabled configuration for CCFG — is applied.
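
As an added example (not from TI's advisory, SDK, or the Zephyr project), the following release-build check for Zephyr projects fails unless the merged configuration explicitly sets the symbol above to n. It assumes the prj.conf spelling CONFIG_CC27XX_ALLOW_TOOLS_CLIENT_MODE (Zephyr's CONFIG_ prefix on the symbol named above), that later configuration fragments override earlier ones, and a fail-closed policy when the symbol is absent; the sample fragments are constructed.

```python
import re
import sys

SYMBOL = "CC27XX_ALLOW_TOOLS_CLIENT_MODE"  # Kconfig symbol named in the advisory
ASSIGN = re.compile(r"^\s*CONFIG_(\w+)=(.*?)\s*$")
NOT_SET = re.compile(r"^\s*#\s*CONFIG_(\w+) is not set\s*$")


def merged_value(fragments, symbol=SYMBOL):
    """Last value given to `symbol` across fragments (later ones override), else None."""
    value = None
    for text in fragments:
        for line in text.splitlines():
            unset = NOT_SET.match(line)
            if unset and unset.group(1) == symbol:
                value = "n"  # "# CONFIG_X is not set" is the written form of =n
                continue
            assign = ASSIGN.match(line)
            if assign and assign.group(1) == symbol:
                value = assign.group(2).strip('"')
    return value


def release_gate(fragments):
    """Return (ok, reason). Policy assumption: fail closed when the symbol is absent,
    since the advisory says TI's development examples enable Tools Client Mode."""
    value = merged_value(fragments)
    if value is None:
        return False, f"CONFIG_{SYMBOL} is never set; require an explicit =n"
    if value != "n":
        return False, f"CONFIG_{SYMBOL}={value}; Tools Client Mode still allowed"
    return True, f"CONFIG_{SYMBOL}=n; Tools Client Mode disabled"


# Constructed sample fragments (not taken from any TI or Zephyr project).
DEV_PRJ_CONF = "CONFIG_BT=y\nCONFIG_CC27XX_ALLOW_TOOLS_CLIENT_MODE=y\n"
PROD_OVERLAY = "# production hardening\nCONFIG_CC27XX_ALLOW_TOOLS_CLIENT_MODE=n\n"

if __name__ == "__main__":
    # With file arguments, gate those fragments in merge order; otherwise run the samples.
    if len(sys.argv) > 1:
        fragments = [open(p, encoding="utf-8").read() for p in sys.argv[1:]]
    else:
        fragments = [DEV_PRJ_CONF, PROD_OVERLAY]
    ok, reason = release_gate(fragments)
    print("PASS" if ok else "FAIL", reason)
    sys.exit(0 if ok else 1)
```

Pass the fragments in the same order the build merges them, so that a development overlay applied after the hardening overlay is caught as a failure.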

References

  • Texas Instruments, CC27xx SimpleLink™ Wireless MCU technical reference manual
    • Section 10.1 Securely Configuring Your Device includes instructions in Section 10.1.4 to disable Tools Client Mode. This guidance also appears in Section 9.1.5 Flashless Test Mode and Tools Client Mode, which addresses measures to take to establish the most secure configuration.