First published: Thu Aug 05 2021
In version 6.5 of Microchip MiWi software and all previous versions, including legacy products, frame counters may be validated/updated before the message is authenticated. With this vulnerability in place, an attacker may increment the incoming frame counter values by injecting messages with a sufficiently large frame counter value and an invalid payload. This results in denial of service for valid packets in the network. There is also a possibility of a replay attack in the stack.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microchip MiWi | =6.5 | |
CVE-2021-37604 is a vulnerability in version 6.5 of Microchip MiWi software and all previous versions, including legacy products, that allows an attacker to increment incoming frame counter values.
CVE-2021-37604 has a severity rating of high with a CVSS score of 7.5.
CVE-2021-37604 affects version 6.5 of Microchip MiWi software and all previous versions, including legacy products, by potentially allowing an attacker to manipulate frame counter values.
CVE-2021-37604 is specific to version 6.5 of Microchip MiWi software and all previous versions, including legacy products.
To mitigate the vulnerability, it is recommended to update Microchip MiWi software to a version that is not affected by CVE-2021-37604.
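The ordering problem in the description, shown as an added example that is not Microchip's code or taken from the advisory: the receiver state, frame layout and `toy_tag` checksum are hypothetical stand-ins (a real stack would verify its own message integrity code), and the sample key and frames are constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Hypothetical receiver state and frame layout; not MiWi's real structures. */
typedef struct { uint32_t last_counter; } peer_t;
typedef struct { uint32_t counter; const uint8_t *payload; size_t len; uint32_t tag; } frame_t;
typedef bool (*rx_fn)(peer_t *, uint32_t key, const frame_t *);

/* Stand-in keyed checksum so the example runs offline. NOT a secure MAC;
   a real stack would verify its cryptographic MIC at this point. */
static uint32_t toy_tag(uint32_t key, uint32_t counter, const uint8_t *p, size_t n) {
    uint32_t h = key ^ counter;
    for (size_t i = 0; i < n; i++) h = (h ^ p[i]) * 16777619u;
    return h;
}

static bool tag_ok(uint32_t key, const frame_t *f) {
    return toy_tag(key, f->counter, f->payload, f->len) == f->tag;
}

/* Flawed order: the counter is checked and stored before authentication. */
bool rx_counter_first(peer_t *peer, uint32_t key, const frame_t *f) {
    if (f->counter <= peer->last_counter) return false;
    peer->last_counter = f->counter;   /* state changed by unauthenticated data */
    return tag_ok(key, f);
}

/* Corrected order: authenticate, then check freshness, then commit. */
bool rx_auth_first(peer_t *peer, uint32_t key, const frame_t *f) {
    if (!tag_ok(key, f)) return false;                   /* forged frames touch no state */
    if (f->counter <= peer->last_counter) return false;  /* replayed or stale frame */
    peer->last_counter = f->counter;
    return true;
}

/* Deliver an unauthenticated high-counter frame, then a genuine one; report
   whether the genuine frame is still accepted by the given receive path. */
bool genuine_survives(rx_fn rx) {
    const uint32_t key = 0xC0FFEEu;    /* constructed sample key */
    const uint8_t msg[] = "temp=21";   /* constructed sample payload */
    peer_t peer = { .last_counter = 10 };
    /* Tag is flipped in one bit so it is guaranteed not to verify. */
    frame_t bad = { 0xFFFFFF00u, msg, sizeof msg, toy_tag(key, 0xFFFFFF00u, msg, sizeof msg) ^ 1u };
    frame_t genuine = { 11, msg, sizeof msg, toy_tag(key, 11, msg, sizeof msg) };
    (void)rx(&peer, key, &bad);
    return rx(&peer, key, &genuine);
}
```

With the counter-first path the genuine frame is dropped because the stored counter was already advanced by the unauthenticated frame; with the authenticate-first path it is accepted, and a second delivery of the same frame is rejected as a replay.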