CVE-2021-21970

Name of the Vulnerable Software and Affected Versions SeaConnect 370W version 1.3.34

Description An out-of-bounds write issue exists in the HandleSeaCloudMessage functionality. The HandleIncomingSeaCloudMessage function uses the json object get string to populate the p name global variable. Since p name is only 0x80 bytes long and the total MQTT message could be up to 0x201 bytes, the json object get string function may fill the string based on the length of the json's value, not the actual string size, resulting in a possible out-of-bounds write.

Recommendations For SeaConnect 370W version 1.3.34, as a temporary workaround, consider restricting the length of the MQTT message to prevent out-of-bounds writes until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.