CVE-2021-21966

MEDIUM

TI Simplelink Cc32xx Software Develop... - Use of Uninitialized Resource

Title source: rule

Description

An information disclosure vulnerability exists in the HTTP Server /ping.html functionality of Texas Instruments CC3200 SimpleLink Solution NWP 2.9.0.0. A specially-crafted HTTP request can lead to an uninitialized read. An attacker can send an HTTP request to trigger this vulnerability.

References (2)

[Exploit, Third Party Advisory] https://talosintelligence.com/vulnerability_reports/TALOS-2021-1393

[Vendor Advisory] https://www.ti.com/lit/an/swra740/swra740.pdf?ts=1645536893264&

Scores

CVSS v3 5.3

EPSS 0.0202

EPSS Percentile 83.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

CWE

CWE-457 CWE-908

Status published

Products (3)

ti/cc3100_firmware < 1.0.1.15-2.15.0.1

ti/cc3200_firmware < 1.0.1.15-2.15.0.1

ti/simplelink_cc32xx_software_development_kit < 5.30.00.08

Published Feb 16, 2022

Tracked Since Feb 18, 2026