Message Authentication Vulnerability in Microchip MiWi Software
CVE-2021-37604

7.5HIGH

Key Information:

Vendor

Microchip

Status
Miwi
Vendor
CVE Published:
5 August 2021

What is CVE-2021-37604?

The MiWi software versions up to 6.5 are vulnerable due to improper handling of frame counters, allowing attackers to exploit the system by injecting messages with artificially high frame counter values and invalid payloads. This can lead to denial of service and potentially facilitate replay attacks within the stack, compromising network integrity.

References

https://www.microchip.com/product-change-notifications/#/
x_refsource_MISC
https://www.microchip.com/en-us/products/wireless-connect...
x_refsource_MISC
https://ww1.microchip.com/downloads/en/DeviceDoc/asf-rele...
x_refsource_MISC

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2021-37604 : Message Authentication Vulnerability in Microchip MiWi Software