Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:o:cypress:wireless_internet_connectivity_for_embedded_devices:-:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2021-34148 |
The Bluetooth Classic implementation in the Cypress WICED BT stack through 2.9.0 for CYW20735B1 devices does not properly handle the reception of LMP_max_slot with a greater ACL Length after completion of the LMP setup procedure, allowing attackers in radio range to trigger a denial of service (firmware crash) via a crafted LMP packet. Published: September 07, 2021; 3:15:07 AM -0400 |
V4.0:(not available) V3.1: 6.5 MEDIUM V2.0: 6.1 MEDIUM |
CVE-2021-34147 |
The Bluetooth Classic implementation in the Cypress WICED BT stack through 2.9.0 for CYW20735B1 does not properly handle the reception of a malformed LMP timing accuracy response followed by multiple reconnections to the link slave, allowing attackers to exhaust device BT resources and eventually trigger a crash via multiple attempts of sending a crafted LMP timing accuracy response followed by a sudden reconnection with a random BDAddress. Published: September 07, 2021; 3:15:07 AM -0400 |
V4.0:(not available) V3.1: 6.5 MEDIUM V2.0: 6.1 MEDIUM |
CVE-2021-34145 |
The Bluetooth Classic implementation in the Cypress WICED BT stack through 2.9.0 for CYW20735B1 devices does not properly handle the reception of LMP_max_slot with an invalid Baseband packet type (and LT_ADDRESS and LT_ADDR) after completion of the LMP setup procedure, allowing attackers in radio range to trigger a denial of service (firmware crash) via a crafted LMP packet. Published: September 07, 2021; 3:15:07 AM -0400 |
V4.0:(not available) V3.1: 5.3 MEDIUM V2.0: 2.9 LOW |