CVE-2021-35520

MEDIUM

IDEMIA Morpho Wave Compact & VisionPass <2.6.2 - Buffer Overflow

Title source: llm
STIX 2.1

Description

A Buffer Overflow in Thrift command handlers in IDEMIA Morpho Wave Compact and VisionPass devices before 2.6.2 allows physically proximate authenticated attackers to achieve code execution, denial of services, and information disclosure via serial ports.

References (3)

Core 3

Scores

CVSS v3 6.2
EPSS 0.0034
EPSS Percentile 25.8%
Attack Vector PHYSICAL
CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-787
Status published
Products (4)
idemia/morphowave_compact_mdpi-m_firmware < 2.6.2
idemia/morphowave_compact_mdpi_firmware < 2.6.2
idemia/visionpass_mdpi-m_firmware < 2.6.2
idemia/visionpass_mdpi_firmware < 2.6.2
Published Jul 22, 2021
Tracked Since Feb 18, 2026