Vulnerability Details CVE-2021-37605
In version 6.5 Microchip MiWi software and all previous versions including legacy products, the stack is validating only two out of four Message Integrity Check (MIC) bytes.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 63.4%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- https://ww1.microchip.com/downloads/en/DeviceDoc/asf-release-notes-3.50.0.100-readme.pdf
- https://ww1.microchip.com/downloads/en/DeviceDoc/asf-release-notes-3.51.0.101-readme.pdf
- https://www.microchip.com/en-us/development-tools-tools-and-software/libraries-code-examples-and-more/advanced-software-framework-for-sam-devices#Downloads
- https://www.microchip.com/en-us/products/wireless-connectivity/software-vulnerability-response/miwi-software-vulnerability
- https://www.microchip.com/en-us/products/wireless-connectivity/sub-ghz/miwi-protocol
- https://www.microchip.com/product-change-notifications/#/
- https://ww1.microchip.com/downloads/en/DeviceDoc/asf-release-notes-3.50.0.100-readme.pdf
- https://ww1.microchip.com/downloads/en/DeviceDoc/asf-release-notes-3.51.0.101-readme.pdf
- https://www.microchip.com/en-us/development-tools-tools-and-software/libraries-code-examples-and-more/advanced-software-framework-for-sam-devices#Downloads
- https://www.microchip.com/en-us/products/wireless-connectivity/software-vulnerability-response/miwi-software-vulnerability
- https://www.microchip.com/en-us/products/wireless-connectivity/sub-ghz/miwi-protocol
- https://www.microchip.com/product-change-notifications/#/