CVE-2021-34145: Medium severity cypress wireless internet connectivity for embedded devices vulnerability
The Bluetooth Classic implementation in the Cypress WICED BT stack through 2.9.0 for CYW20735B1 devices does not properly handle the reception of LMPmaxslot with an invalid Baseband packet type (and LTADDRESS and LTADDR) after completion of the LMP setup procedure, allowing attackers in radio range to trigger a denial of service (firmware crash) via a crafted LMP packet.
Affected Software
Event History
Frequently Asked Questions
What is the severity of CVE-2021-34145?
The severity of CVE-2021-34145 is medium with a CVSS score of 5.3.
What is the affected software for CVE-2021-34145?
The affected software for CVE-2021-34145 is Cypress Wireless Internet Connectivity For Embedded Devices version up to and including 2.9.0.
How does CVE-2021-34145 affect Cypress Cyw20735b1 devices?
Cypress Cyw20735b1 devices are not vulnerable to CVE-2021-34145.
What is the recommended solution for CVE-2021-34145?
Update the Cypress WICED BT stack to version 2.9.1 or later to fix CVE-2021-34145.
Are there any additional references for CVE-2021-34145?
Yes, you can refer to the following links for more information: [BrakTooth Research Paper](https://dl.packetstormsecurity.net/papers/general/braktooth.pdf) and [Cypress Documentation](https://www.cypress.com/documentation/datasheets/cyw20735b1-single-chip-bluetooth-transceiver-wireless-input-devices)