PT-2022-9223 · Sealevel Systems · Seaconnect 370W

Francesco Benvenuto +1 · Published 2022-02-04 · Updated 2022-10-01 · CVE-2021-21969

CVSS v3.1: 8.1 (High)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Sealevel Systems, Inc. SeaConnect 370W version 1.3.34

Description

An out-of-bounds write issue exists in the HandleSeaCloudMessage functionality. The HandleIncomingSeaCloudMessage function uses json_object_get_string to populate the p_payload global variable. p_payload is only 0x100 bytes long, while the total MQTT message can be up to 0x201 bytes. Because json_object_get_string fills str based on the length of the JSON value rather than the actual size of str, an out-of-bounds write is possible.

Recommendations

As a temporary workaround, consider disabling the HandleIncomingSeaCloudMessage function until a patch is available. Restrict access to the HandleSeaCloudMessage functionality to minimize the risk of exploitation. Avoid using the json_object_get_string function to populate the p_payload global variable in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
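
The copy pattern from the description, next to a size-checked form, as an added example (not Sealevel firmware code and not code from the reporter). Only the two sizes, 0x100 and 0x201, come from this entry; every function and variable name below is a hypothetical stand-in.

```c
/* Added example: sizes are from the advisory, all names are hypothetical. */
#include <stddef.h>
#include <string.h>

#define PAYLOAD_SIZE 0x100   /* destination buffer size stated in the advisory */
#define MQTT_MAX_LEN 0x201   /* maximum MQTT message size stated in the advisory */

static char payload_buf[PAYLOAD_SIZE];   /* stand-in for the global payload buffer */

/* Unsafe pattern: the copy length comes from the JSON value, and the
 * destination size is never consulted. Shown for contrast, never called. */
void get_string_unbounded(const char *value, char *str)
{
    memcpy(str, value, strlen(value) + 1);   /* overruns str once strlen(value) >= PAYLOAD_SIZE */
}

/* Hardened pattern: the caller passes the destination size, and a value
 * that does not fit is rejected rather than silently truncated. */
int get_string_bounded(const char *value, char *str, size_t str_size)
{
    const char *end;

    if (value == NULL || str == NULL || str_size == 0)
        return -1;
    end = memchr(value, '\0', str_size);     /* look for the terminator within str_size bytes only */
    if (end == NULL) {                       /* value plus its NUL would not fit */
        str[0] = '\0';
        return -1;
    }
    memcpy(str, value, (size_t)(end - value) + 1);
    return 0;
}

/* Handler sketch: check the message length first, then do a bounded copy. */
int handle_message(const char *json_value, size_t msg_len)
{
    if (json_value == NULL || msg_len > MQTT_MAX_LEN)
        return -1;
    return get_string_bounded(json_value, payload_buf, sizeof payload_buf);
}

const char *current_payload(void) { return payload_buf; }
```

A message that satisfies the 0x201-byte transport limit can still carry a value larger than 0x100 bytes, so the destination-size check is required in addition to the message-length check.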

Exploit

Memory Corruption

Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2021-21969

Affected Products

Seaconnect 370W