Vulnerabilities > Cypress > Wireless Internet Connectivity FOR Embedded Devices
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-09-07 | CVE-2021-34145 | Unspecified vulnerability in Cypress Wireless Internet Connectivity for Embedded Devices The Bluetooth Classic implementation in the Cypress WICED BT stack through 2.9.0 for CYW20735B1 devices does not properly handle the reception of LMP_max_slot with an invalid Baseband packet type (and LT_ADDRESS and LT_ADDR) after completion of the LMP setup procedure, allowing attackers in radio range to trigger a denial of service (firmware crash) via a crafted LMP packet. | 2.9 |
| 2021-09-07 | CVE-2021-34147 | Unspecified vulnerability in Cypress Wireless Internet Connectivity for Embedded Devices The Bluetooth Classic implementation in the Cypress WICED BT stack through 2.9.0 for CYW20735B1 does not properly handle the reception of a malformed LMP timing accuracy response followed by multiple reconnections to the link slave, allowing attackers to exhaust device BT resources and eventually trigger a crash via multiple attempts of sending a crafted LMP timing accuracy response followed by a sudden reconnection with a random BDAddress. low complexity cypress | 6.1 |
| 2021-09-07 | CVE-2021-34148 | Unspecified vulnerability in Cypress Wireless Internet Connectivity for Embedded Devices The Bluetooth Classic implementation in the Cypress WICED BT stack through 2.9.0 for CYW20735B1 devices does not properly handle the reception of LMP_max_slot with a greater ACL Length after completion of the LMP setup procedure, allowing attackers in radio range to trigger a denial of service (firmware crash) via a crafted LMP packet. low complexity cypress | 6.1 |