CVE-2021-21971
Description
An out-of-bounds write vulnerability exists in the URL_decode functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A specially-crafted MQTT payload can lead to an out-of-bounds write. An attacker can perform a man-in-the-middle attack to trigger this vulnerability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
An out-of-bounds write vulnerability in SeaConnect 370W's MQTT handling allows remote code execution via a man-in-the-middle attack.
Vulnerability
An out-of-bounds write vulnerability exists in the readPacket function of Eclipse Embedded Paho MQTTClient-C library v1.0.0, as used by Sealevel Systems SeaConnect 370W v1.3.34. A specially-crafted MQTT payload can trigger a buffer overflow, leading to memory corruption [1].
Exploitation
An attacker can perform a man-in-the-middle attack to inject a malicious MQTT message. No authentication is required, but the attacker must have network access to the device. The attack does not require user interaction [1].
Impact
Successful exploitation allows remote code execution with high impact on confidentiality, integrity, and availability. The CVSS score is 9.8 (Critical) [1].
Mitigation
The underlying vulnerability in the Paho library was fixed in July 2017, but SeaConnect 370W firmware v1.3.34 does not include this fix. Sealevel Systems has not released an updated firmware as of the publication date. No known workarounds are available [1].
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Sealevel Systems, Inc. / SeaConnect 370W
- Range: = v1.3.34
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
[1] talosintelligence.com/vulnerability_reports/TALOS-2021-1406 (MISC)
News mentions
No linked articles in our index yet.