CVE-2021-37605

Name of the Vulnerable Software and Affected Versions Microchip MiWi software versions prior to 6.5

Description The issue concerns the validation of Message Integrity Check (MIC) bytes in the Microchip MiWi software stack. Specifically, the stack only validates two out of four MIC bytes. Additionally, there is a possibility of frame counters being validated or updated before message authentication, which could lead to security issues.

Recommendations For Microchip MiWi software versions prior to 6.5, update to a version that properly validates all four MIC bytes and ensures message authentication occurs before frame counter validation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.