CVE-2021-21971

low-risk
Published 2022-02-04

An out-of-bounds write vulnerability exists in the URL_decode functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A specially-crafted MQTT payload can lead to an out-of-bounds write. An attacker can perform a man-in-the-middle attack to trigger this vulnerability.

Do I need to act?

-
0.43% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.9/10 Medium
NETWORK / HIGH complexity

Affected Products (1)

Seaconnect 370W Firmware

Affected Vendors

Sealevel

References (3)

Not Applicable https://talosintelligence.com/vulnerability_reports/TALOS-2021-1406
Exploit https://talosintelligence.com/vulnerability_reports/TALOS-2021-1397
Not Applicable https://talosintelligence.com/vulnerability_reports/TALOS-2021-1406
25
/ 100
low-risk
Severity 18/34 · Moderate
Exploitability 2/34 · Minimal
Exposure 5/34 · Minimal