CVE-2023-29468

EPSS 53.87%
Published 14.08.2023 19:15:11
Last modified 05.05.2025 16:15:34
Source cve@mitre.org
Teams watchlist Login
Open Login

The Texas Instruments (TI) WiLink WL18xx MCP driver does not limit the number of information elements (IEs) of type XCC_EXT_1_IE_ID or XCC_EXT_2_IE_ID that can be parsed in a management frame. Using a specially crafted frame, a buffer overflow can be triggered that can potentially lead to remote code execution. This affects WILINK8-WIFI-MCP8 version 8.5_SP3 and earlier.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Ti ≫ Wilink8-wifi-mcp8 Version < 8.5

Ti ≫ Wilink8-wifi-mcp8 Version8.5 Update-

Ti ≫ Wilink8-wifi-mcp8 Version8.5 Updatesp3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	53.87%	0.978

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

https://www.ti.com/lit/swra773

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-29468

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-29468

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-29468

EUVD