CVE-2020-16630
https://notcve.org/view.php?id=CVE-2020-16630
TI’s BLE stack caches and reuses the LTK’s property for a bonded mobile. An LTK can be an unauthenticated-and-no-MITM-protection key created by Just Works or an authenticated-and-MITM-protection key created by Passkey Entry, Numeric Comparison or OOB. Assume that a victim mobile uses secure pairing to pair with a victim BLE device based on TI chips and generates an authenticated-and-MITM-protection LTK. If a fake mobile with the victim mobile’s MAC address uses Just Works and pairs with the victim device, the generated LTK still has the property of authenticated-and-MITM-protection. Therefore, the fake mobile can access attributes with the authenticated read/write permission.
http://software-dl.ti.com/simplelink/esd/simplelink_cc13x2_26x2_sdk/3.20.00.68/exports/changelog.html
https://www.usenix.org/system/files/sec20-zhang-yue.pdf
CWE-863: Incorrect Authorization
CVE-2021-34149
https://notcve.org/view.php?id=CVE-2021-34149
The Bluetooth Classic implementation on the Texas Instruments CC256XCQFN-EM does not properly handle the reception of continuous LMP_AU_Rand packets, allowing attackers in radio range to trigger a denial of service (deadlock) of the device by flooding it with LMP_AU_Rand packets after the paging procedure.
https://dl.packetstormsecurity.net/papers/general/braktooth.pdf
https://www.ti.com/product/CC2564C
https://www.ti.com/tool/CC256XC-BT-SP#primary-sw
CVE-2021-22677
https://notcve.org/view.php?id=CVE-2021-22677
An integer overflow exists in the APIs of the host MCU while trying to connect to a Wi-Fi network, which may lead to issues such as a denial-of-service condition or code execution on the SimpleLink Wi-Fi (MSP432E4 SDK: v4.20.00.12 and prior, CC32XX SDK v4.30.00.06 and prior, CC13X0 SDK versions prior to v4.10.03, CC13X2 and CC26XX SDK versions prior to v4.40.00, CC3200 SDK v1.5.0 and prior, CC3100 SDK v1.3.0 and prior).
https://us-cert.cisa.gov/ics/advisories/icsa-21-119-01
CWE-190: Integer Overflow or Wraparound
CVE-2021-22673
https://notcve.org/view.php?id=CVE-2021-22673
The affected product is vulnerable to stack-based buffer overflow while processing over-the-air firmware updates from the CDN server, which may allow an attacker to remotely execute code on the SimpleLink Wi-Fi (MSP432E4 SDK: v4.20.00.12 and prior, CC32XX SDK v4.30.00.06 and prior, CC13X0 SDK versions prior to v4.10.03, CC13X2 and CC26XX SDK versions prior to v4.40.00, CC3200 SDK v1.5.0 and prior, CC3100 SDK v1.3.0 and prior).
https://us-cert.cisa.gov/ics/advisories/icsa-21-119-01
CWE-121: Stack-based Buffer Overflow
CWE-787: Out-of-bounds Write
CVE-2021-22671
https://notcve.org/view.php?id=CVE-2021-22671
Multiple integer overflow issues exist while processing long domain names, which may allow an attacker to remotely execute code on the SimpleLink Wi-Fi (MSP432E4 SDK: v4.20.00.12 and prior, CC32XX SDK v4.30.00.06 and prior, CC13X0 SDK versions prior to v4.10.03, CC13X2 and CC26XX SDK versions prior to v4.40.00, CC3200 SDK v1.5.0 and prior, CC3100 SDK v1.3.0 and prior).
https://us-cert.cisa.gov/ics/advisories/icsa-21-119-01
CWE-190: Integer Overflow or Wraparound