Vulnerability Description
In version 6.5 Microchip MiWi software and all previous versions including legacy products, the stack is validating only two out of four Message Integrity Check (MIC) bytes.
CVSS Score
7.5
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microchip | Miwi | 6.5 |
Related Weaknesses (CWE)
References
- https://ww1.microchip.com/downloads/en/DeviceDoc/asf-release-notes-3.50.0.100-reVendor Advisory
- https://ww1.microchip.com/downloads/en/DeviceDoc/asf-release-notes-3.51.0.101-reRelease NotesVendor Advisory
- https://www.microchip.com/en-us/development-tools-tools-and-software/libraries-cVendor Advisory
- https://www.microchip.com/en-us/products/wireless-connectivity/software-vulnerabVendor Advisory
- https://www.microchip.com/en-us/products/wireless-connectivity/sub-ghz/miwi-protVendor Advisory
- https://www.microchip.com/product-change-notifications/#/Vendor Advisory
- https://ww1.microchip.com/downloads/en/DeviceDoc/asf-release-notes-3.50.0.100-reVendor Advisory
- https://ww1.microchip.com/downloads/en/DeviceDoc/asf-release-notes-3.51.0.101-reRelease NotesVendor Advisory
- https://www.microchip.com/en-us/development-tools-tools-and-software/libraries-cVendor Advisory
- https://www.microchip.com/en-us/products/wireless-connectivity/software-vulnerabVendor Advisory
- https://www.microchip.com/en-us/products/wireless-connectivity/sub-ghz/miwi-protVendor Advisory
- https://www.microchip.com/product-change-notifications/#/Vendor Advisory
FAQ
What is CVE-2021-37605?
CVE-2021-37605 is a vulnerability with a CVSS score of 7.5 (HIGH). In version 6.5 Microchip MiWi software and all previous versions including legacy products, the stack is validating only two out of four Message Integrity Check (MIC) bytes.
How severe is CVE-2021-37605?
CVE-2021-37605 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-37605?
Check the references section above for vendor advisories and patch information. Affected products include: Microchip Miwi.