PT-2021-21733 · Microchip · Microchip Miwi

Published: 2021-08-05 · Updated: 2022-07-12 · CVE-2021-37604

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Microchip MiWi versions prior to 6.5

Description

The issue allows an attacker to potentially increment incoming frame counter values by injecting messages with a sufficiently large frame counter value and an invalid payload, resulting in denial of service or denial of valid packets in the network. There is also a possibility of a replay attack in the stack.

Recommendations

For versions prior to 6.5, consider implementing additional validation checks for frame counters to ensure they are updated only after message authentication, as a temporary workaround to minimize the risk of exploitation. Restrict access to the network to prevent attackers from injecting malicious messages.
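
The ordering the recommendation describes, shown beside the flawed ordering, as an added example that is not Microchip's code and not part of the original advisory. The frame layout, the function names and the toy checksum standing in for the real message integrity code (MIC) are assumptions.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdbool.h>

/* Hypothetical frame and peer state; not MiWi's actual structures. */
typedef struct { uint32_t counter; const uint8_t *payload; size_t len; uint32_t mic; } frame_t;
typedef struct { uint32_t rx_counter; } peer_t;

/* Stand-in keyed checksum (FNV-1a over key, counter, payload). NOT cryptographic:
   a real stack would verify the MIC produced by its authenticated cipher. */
static uint32_t toy_mic(uint32_t key, uint32_t counter, const uint8_t *p, size_t n) {
    uint32_t h = 2166136261u ^ key;
    for (int i = 0; i < 4; i++) { h ^= (counter >> (8 * i)) & 0xFFu; h *= 16777619u; }
    for (size_t i = 0; i < n; i++) { h ^= p[i]; h *= 16777619u; }
    return h;
}

static bool mic_ok(uint32_t key, const frame_t *f) {
    return toy_mic(key, f->counter, f->payload, f->len) == f->mic;
}

/* Flawed ordering: the stored counter is advanced before authentication. */
bool rx_counter_first(peer_t *peer, uint32_t key, const frame_t *f) {
    if (f->counter <= peer->rx_counter) return false;   /* replay check */
    peer->rx_counter = f->counter;                       /* committed too early */
    return mic_ok(key, f);
}

/* Recommended ordering: compare, authenticate, and only then commit. */
bool rx_auth_first(peer_t *peer, uint32_t key, const frame_t *f) {
    if (f->counter <= peer->rx_counter) return false;   /* stale or replayed */
    if (!mic_ok(key, f)) return false;                  /* state left untouched */
    peer->rx_counter = f->counter;
    return true;
}

/* Constructed scenario: an unauthenticated frame with a huge counter, then a
   genuine frame. Returns true if the genuine frame is still accepted. */
bool genuine_survives(bool (*rx)(peer_t *, uint32_t, const frame_t *)) {
    static const uint8_t data[] = { 'o', 'k' };
    const uint32_t key = 0x1234ABCDu;                    /* constructed key */
    peer_t peer = { .rx_counter = 5 };
    frame_t bogus = { 0xFFFFFF00u, data, sizeof data, ~toy_mic(key, 0xFFFFFF00u, data, sizeof data) };
    frame_t good  = { 6, data, sizeof data, toy_mic(key, 6, data, sizeof data) };
    (void)rx(&peer, key, &bogus);                        /* guaranteed-wrong MIC */
    return rx(&peer, key, &good);
}
```

With the counter committed first, the genuine frame is dropped as stale after the unauthenticated one; with authentication first, the stored counter never moves on a failed MIC, and a repeated genuine frame is still rejected as a replay.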

Fix


Weakness Enumeration

Related Identifiers

CVE-2021-37604

Affected Products

Microchip Miwi