CVE-2021-37605

December 16, 2021

In version 6.5 of MiWi software and all previous versions including legacy products, the stack is validating only two out of four Message Integrity Check (MIC) bytes.

Summary:

In version 6.5 of MiWi software and all previous versions including legacy products, the stack is validating only two out of four Message Integrity Check (MIC) bytes.

Reference Links(if available):

  • https://www.microchip.com/product-change-notifications/#/
  • https://www.microchip.com/en-us/development-tools-tools-and-software/libraries-code-examples-and-more/advanced-software-framework-for-sam-devices#Downloads
  • https://www.microchip.com/en-us/products/wireless-connectivity/sub-ghz/miwi-protocol
  • https://ww1.microchip.com/downloads/en/DeviceDoc/asf-release-notes-3.50.0.100-readme.pdf
  • https://ww1.microchip.com/downloads/en/DeviceDoc/asf-release-notes-3.51.0.101-readme.pdf

    • CVSS Score (if available)

    v2: / MEDIUMAV:N/AC:L/Au:N/C:N/I:P/A:N

    v3: / HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

    Links to Exploits(if available)

  • You may have missed

    image

    [RAWORLD] – Ransomware Victim: Co****nt

    November 25, 2024
    image

    [KILLSEC] – Ransomware Victim: inv[[.][.][.]]nator

    November 25, 2024
    image

    [KILLSEC] – Ransomware Victim: Ithbar

    November 25, 2024
    image

    [KILLSEC] – Ransomware Victim: RiverRestHome

    November 25, 2024
    image

    [KILLSEC] – Ransomware Victim: Dardoc

    November 25, 2024