The Texas Instruments (TI) WiLink WL18xx MCP driver does not limit the number of information elements (IEs) of type XCC_EXT_1_IE_ID or XCC_EXT_2_IE_ID that can be parsed in a management frame. Using a specially crafted frame, a buffer overflow can be triggered that can potentially lead to remote code execution. This affects WILINK8-WIFI-MCP8 version 8.5_SP3 and earlier.
CPE | Name | Operator | Version |
---|---|---|---|
wilink8-wifi-mcp8 | eq | 8.5 sp3 | |
wilink8-wifi-mcp8 | eq | 8.5 | |
wilink8-wifi-mcp8 | lt | 8.5 |