First published: Wed Feb 16 2022(Updated: )
An information disclosure vulnerability exists in the HTTP Server /ping.html functionality of Texas Instruments CC3200 SimpleLink Solution NWP 2.9.0.0. A specially-crafted HTTP request can lead to an uninitialized read. An attacker can send an HTTP request to trigger this vulnerability.
Credit: talos-cna@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Ti Simplelink Cc32xx Software Development Kit | <5.30.00.08 | |
Ti Cc3120 | ||
Ti Cc3130 | ||
Ti Cc3135 | ||
Ti Cc3220r | ||
Ti Cc3220s | ||
Ti Cc3220sf | ||
Ti Cc3230s | ||
Ti Cc3230sf | ||
Ti Cc3235s | ||
Ti Cc3235sf | ||
Ti Cc3100 Firmware | <1.0.1.15-2.15.0.1 | |
Ti Cc3100 | ||
Ti Cc3200 Firmware | <1.0.1.15-2.15.0.1 | |
Ti Cc3200 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2021-21966 is medium with a severity value of 5.3.
The affected software of CVE-2021-21966 is the Texas Instruments CC3200 SimpleLink Solution NWP 2.9.0.0.
CVE-2021-21966 exploit is triggered by a specially-crafted HTTP request that can lead to an uninitialized read.
Yes, Ti Simplelink Cc32xx Software Development Kit version up to 5.30.00.08 is vulnerable to CVE-2021-21966.
There is no known fix for CVE-2021-21966 at the moment. It is recommended to follow the vendor's advisory for updates and patches.