CVE-2021-35522

CRITICAL

IDEMIA MorphoWave and VisionPass Firmware < 2.6.2 - Buffer Overflow via Thrift Command Handlers

Title source: llm
STIX 2.1

Description

A Buffer Overflow in Thrift command handlers in IDEMIA Morpho Wave Compact and VisionPass devices before 2.6.2, Sigma devices before 4.9.4, and MA VP MD devices before 4.9.7 allows remote attackers to achieve code execution, denial of services, and information disclosure via TCP/IP packets.

References (3)

Core 3

Scores

CVSS v3 9.8
EPSS 0.0366
EPSS Percentile 88.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-787
Status published
Products (11)
idemia/ma_vp_md_firmware
idemia/morphowave_compact_md_firmware
idemia/morphowave_compact_mdpi-m_firmware < 2.6.2
idemia/morphowave_compact_mdpi_firmware < 2.6.2
idemia/sigma_extreme_firmware
idemia/sigma_lite\+_firmware
idemia/sigma_lite_firmware
idemia/sigma_wide_firmware
idemia/visionpass_md_firmware
idemia/visionpass_mdpi-m_firmware < 2.6.2
... and 1 more
Published Jul 22, 2021
Tracked Since Feb 18, 2026