ID
VAR-202202-1821
CVE
CVE-2021-21962
TITLE
Sealevel Systems, Inc. SeaConnect 370W Out-of-bounds write vulnerability in
Trust: 0.8
sources:
JVNDB: JVNDB-2021-018276
DESCRIPTION
A heap-based buffer overflow vulnerability exists in the OTA Update u-download functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A series of specially-crafted MQTT payloads can lead to remote code execution. An attacker must perform a man-in-the-middle attack in order to trigger this vulnerability. Sealevel Systems, Inc. SeaConnect 370W Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Used to remotely monitor and control the status of the actual I/O process
Trust: 2.7
sources:
NVD: CVE-2021-21962 //
JVNDB: JVNDB-2021-018276 //
CNVD: CNVD-2022-10700 //
CNNVD: CNNVD-202202-098
IOT TAXONOMY
| category: | ['IoT'] | sub_category: | - | Trust: 0.6 |
sources:
CNVD: CNVD-2022-10700
AFFECTED PRODUCTS
| vendor: | sealevel | model: | seaconnect 370w | scope: | eq | version: | 1.3.34 | Trust: 1.0 |
| vendor: | sealevel | model: | seaconnect 370w | scope: | eq | version: | seaconnect 370w firmware 1.3.34 | Trust: 0.8 |
| vendor: | sealevel | model: | seaconnect 370w | scope: | eq | version: | - | Trust: 0.8 |
| vendor: | sealevel | model: | systems seaconnect 370w | scope: | eq | version: | v1.3.34 | Trust: 0.6 |
sources:
CNVD: CNVD-2022-10700 //
JVNDB: JVNDB-2021-018276 //
NVD: CVE-2021-21962
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
sources:
CNVD: CNVD-2022-10700 //
JVNDB: JVNDB-2021-018276 //
CNNVD: CNNVD-202202-098 //
NVD: CVE-2021-21962 //
NVD: CVE-2021-21962
PROBLEMTYPE DATA
| problemtype: | CWE-122 | Trust: 1.0 |
| problemtype: | CWE-787 | Trust: 1.0 |
| problemtype: | Out-of-bounds writing (CWE-787) [NVD evaluation ] | Trust: 0.8 |
sources:
JVNDB: JVNDB-2021-018276 //
NVD: CVE-2021-21962
THREAT TYPE
remote
Trust: 0.6
sources:
CNNVD: CNNVD-202202-098
TYPE
buffer error
Trust: 0.6
sources:
CNNVD: CNNVD-202202-098
PATCH
| title: | SeaConnect 370W Wi-Fi IIoT Edge Device | url: | https://www.sealevel.com/product/370w-a-wifi-to-form-c-relays-digital-inputs-a-d-inputs-and-1-wire-bus-seaconnect-multifunction-io-edge-module-powered-by-seacloud/ | Trust: 0.8 |
| title: | Patch for Sealevel Systems SeaConnect 370W Buffer Overflow Vulnerability (CNVD-2022-10700) | url: | https://www.cnvd.org.cn/patchInfo/show/319861 | Trust: 0.6 |
| title: | Sealevel Systems SeaConnect 370W Buffer error vulnerability fix | url: | http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=180915 | Trust: 0.6 |
sources:
CNVD: CNVD-2022-10700 //
JVNDB: JVNDB-2021-018276 //
CNNVD: CNNVD-202202-098
EXTERNAL IDS
| db: | NVD | id: | CVE-2021-21962 | Trust: 3.8 |
| db: | TALOS | id: | TALOS-2021-1390 | Trust: 3.0 |
| db: | JVNDB | id: | JVNDB-2021-018276 | Trust: 0.8 |
| db: | CNVD | id: | CNVD-2022-10700 | Trust: 0.6 |
| db: | CNNVD | id: | CNNVD-202202-098 | Trust: 0.6 |
sources:
CNVD: CNVD-2022-10700 //
JVNDB: JVNDB-2021-018276 //
CNNVD: CNNVD-202202-098 //
NVD: CVE-2021-21962
REFERENCES
| url: | https://talosintelligence.com/vulnerability_reports/talos-2021-1390 | Trust: 3.6 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2021-21962 | Trust: 1.4 |
sources:
CNVD: CNVD-2022-10700 //
JVNDB: JVNDB-2021-018276 //
CNNVD: CNNVD-202202-098 //
NVD: CVE-2021-21962
CREDITS
Discovered by Francesco Benvenuto and Matt Wiseman of Cisco Talos.
Trust: 0.6
sources:
CNNVD: CNNVD-202202-098
SOURCES
| db: | CNVD | id: | CNVD-2022-10700 |
| db: | JVNDB | id: | JVNDB-2021-018276 |
| db: | CNNVD | id: | CNNVD-202202-098 |
| db: | NVD | id: | CVE-2021-21962 |
LAST UPDATE DATE
2024-08-14T14:37:39.260000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2022-10700 | date: | 2022-02-16T00:00:00 |
| db: | JVNDB | id: | JVNDB-2021-018276 | date: | 2023-04-28T05:55:00 |
| db: | CNNVD | id: | CNNVD-202202-098 | date: | 2022-02-17T00:00:00 |
| db: | NVD | id: | CVE-2021-21962 | date: | 2022-07-29T16:32:12.777 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2022-10700 | date: | 2022-02-16T00:00:00 |
| db: | JVNDB | id: | JVNDB-2021-018276 | date: | 2023-04-28T00:00:00 |
| db: | CNNVD | id: | CNNVD-202202-098 | date: | 2022-02-01T00:00:00 |
| db: | NVD | id: | CVE-2021-21962 | date: | 2022-02-04T23:15:10.557 |