Vulnerability Description
An information disclosure vulnerability exists in the HTTP Server /ping.html functionality of Texas Instruments CC3200 SimpleLink Solution NWP 2.9.0.0. A specially-crafted HTTP request can lead to an uninitialized read. An attacker can send an HTTP request to trigger this vulnerability.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| TI | SimpleLink CC32xx Software Development Kit | < 5.30.00.08 |
| TI | CC3120 | - |
| TI | CC3130 | - |
| TI | CC3135 | - |
| TI | CC3220R | - |
| TI | CC3220S | - |
| TI | CC3220SF | - |
| TI | CC3230S | - |
| TI | CC3230SF | - |
| TI | CC3235S | - |
| TI | CC3235SF | - |
| TI | CC3100 Firmware | < 1.0.1.15-2.15.0.1 |
| TI | CC3100 | - |
| TI | CC3200 Firmware | < 1.0.1.15-2.15.0.1 |
| TI | CC3200 | - |
Related Weaknesses (CWE)
References
- https://talosintelligence.com/vulnerability_reports/TALOS-2021-1393 (Exploit, Third Party Advisory)
- https://www.ti.com/lit/an/swra740/swra740.pdf?ts=1645536893264& (Vendor Advisory)
FAQ
What is CVE-2021-21966?
CVE-2021-21966 is a vulnerability with a CVSS score of 5.3 (MEDIUM). An information disclosure vulnerability exists in the HTTP Server /ping.html functionality of Texas Instruments CC3200 SimpleLink Solution NWP 2.9.0.0. A specially-crafted HTTP request can lead to an ...
How severe is CVE-2021-21966?
CVE-2021-21966 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-21966?
Check the references section above for vendor advisories and patch information. Affected products include: TI SimpleLink CC32xx Software Development Kit, TI CC3120, TI CC3130, TI CC3135, TI CC3220R.