Description
In version 6.5 Microchip MiWi software and all previous versions including legacy products, the stack is validating only two out of four Message Integrity Check (MIC) bytes.
References (6)
Core 6
Core References
Vendor Advisory x_refsource_misc
https://www.microchip.com/product-change-notifications/#/
Vendor Advisory x_refsource_misc
https://www.microchip.com/en-us/products/wireless-connectivity/sub-ghz/miwi-protocol
Vendor Advisory x_refsource_misc
https://ww1.microchip.com/downloads/en/DeviceDoc/asf-release-notes-3.50.0.100-readme.pdf
Vendor Advisory x_refsource_misc
https://www.microchip.com/en-us/development-tools-tools-and-software/libraries-code-examples-and-more/advanced-software-framework-for-sam-devices#Downloads
Release Notes, Vendor Advisory x_refsource_misc
https://ww1.microchip.com/downloads/en/DeviceDoc/asf-release-notes-3.51.0.101-readme.pdf
Vendor Advisory x_refsource_misc
https://www.microchip.com/en-us/products/wireless-connectivity/software-vulnerability-response/miwi-software-vulnerability
Scores
CVSS v3
7.5
EPSS
0.0128
EPSS Percentile
66.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-670
Status
published
Products (1)
microchip/miwi
6.5
Published
Aug 05, 2021
Tracked Since
Feb 18, 2026