VYPR
← All advisories
Unrated severityNVD Advisory· Published Feb 4, 2022· Updated Apr 15, 2025

CVE-2021-21964

CVE-2021-21964

Description

A denial of service vulnerability exists in the Modbus configuration functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. Specially-crafted network packets can lead to denial of service. An attacker can send a malicious packet to trigger this vulnerability.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Unauthenticated network packets to the Modbus TCP service on SeaConnect 370W can trigger a reboot, causing denial of service.

Vulnerability

The vulnerability exists in the Modbus configuration functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. When the Modbus service is enabled, it binds to TCP port 502 without any authentication. A specially-crafted Modbus request can trigger a device reboot, leading to denial of service [1].

Exploitation

An attacker with network access to the device can send a properly formatted Modbus 'Reboot' request packet to TCP port 502. No authentication is required. The device will reboot immediately upon receiving the malicious packet [1].

Impact

Successful exploitation causes the device to reboot, resulting in denial of service. The device becomes unavailable until the reboot completes. No data loss or code execution is achieved [1].

Mitigation

As of the advisory publication date (2022-02-04), no patched version has been released. Users should disable the Modbus service if not needed, or restrict network access to TCP port 502 via firewall rules to mitigate the risk [1].

References
  1. TALOS-2021-1392 || Cisco Talos Intelligence Group

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

Patches

0

No patches discovered yet.

Vulnerability mechanics

No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References

1

News mentions

0

No linked articles in our index yet.