CVE-2021-35522
CRITICALIDEMIA MorphoWave and VisionPass Firmware < 2.6.2 - Buffer Overflow via Thrift Command Handlers
Title source: llmDescription
A Buffer Overflow in Thrift command handlers in IDEMIA Morpho Wave Compact and VisionPass devices before 2.6.2, Sigma devices before 4.9.4, and MA VP MD devices before 4.9.7 allows remote attackers to achieve code execution, denial of services, and information disclosure via TCP/IP packets.
References (3)
Core 3
Core References
Product x_refsource_misc
https://www.idemia.com
Patch, Vendor Advisory x_refsource_misc
https://biometricdevices.idemia.com/s/global-search/0696700000JJa0zAAD?sharing=true
Patch, Vendor Advisory x_refsource_misc
https://biometricdevices.idemia.com/s/global-search/0696700000JJa1nAAD?sharing=true
Scores
CVSS v3
9.8
EPSS
0.0366
EPSS Percentile
88.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-787
Status
published
Products (11)
idemia/ma_vp_md_firmware
idemia/morphowave_compact_md_firmware
idemia/morphowave_compact_mdpi-m_firmware
< 2.6.2
idemia/morphowave_compact_mdpi_firmware
< 2.6.2
idemia/sigma_extreme_firmware
idemia/sigma_lite\+_firmware
idemia/sigma_lite_firmware
idemia/sigma_wide_firmware
idemia/visionpass_md_firmware
idemia/visionpass_mdpi-m_firmware
< 2.6.2
... and 1 more
Published
Jul 22, 2021
Tracked Since
Feb 18, 2026