CVE-2021-21965 – This vulnerability allows remote attackers to c... (How to Fix)

Q: What is the severity of CVE-2021-21965?

CVE-2021-21965 has a CVSS score of 9.3 (CRITICAL). This vulnerability allows remote attackers to cause denial of service in Sealevel Systems SeaConnect 370W devices by sending specially crafted network packets to the SeaMax remote configuration functionality. Affected systems are SeaConnect 370W version 1.3.34 devices with remote configuration enabled.

📋 TL;DR

This vulnerability allows remote attackers to cause denial of service in Sealevel Systems SeaConnect 370W devices by sending specially crafted network packets to the SeaMax remote configuration functionality. Affected systems are SeaConnect 370W version 1.3.34 devices with remote configuration enabled.

💻 Affected Systems

Products:

Sealevel Systems SeaConnect 370W

Versions: v1.3.34

Operating Systems: Embedded firmware

Default Config Vulnerable: ⚠️ Yes

Notes: Requires SeaMax remote configuration functionality to be enabled, which is typically enabled by default for remote management.

📦 What is this software?

Seaconnect 370w Firmware by Sealevel

View all CVEs affecting Seaconnect 370w Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device unavailability requiring physical reset or power cycle, potentially disrupting industrial operations.

🟠

Likely Case

Temporary service disruption until device is manually restarted or recovers automatically.

🟢

If Mitigated

No impact if device is patched or remote configuration is disabled.

🌐 Internet-Facing: HIGH - Attackers can exploit remotely without authentication if device is exposed to internet.

🏢 Internal Only: MEDIUM - Requires network access but could be exploited by internal threats or compromised systems.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploitation requires sending crafted packets to the SeaMax service port (typically 1610/TCP). No authentication required.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v1.3.35 or later

Vendor Advisory: https://www.sealevel.com/support/security-advisories/

Restart Required: Yes

Instructions:

1. Download latest firmware from Sealevel support portal. 2. Upload firmware to device via web interface. 3. Apply update. 4. Reboot device.

🔧 Temporary Workarounds

Disable SeaMax Remote Configuration

all

Disable the vulnerable SeaMax remote configuration service if not required.

Access device web interface > Configuration > Network Services > Disable SeaMax

Network Segmentation

all

Restrict access to SeaMax service port (1610/TCP) using firewall rules.

iptables -A INPUT -p tcp --dport 1610 -j DROP
netsh advfirewall firewall add rule name="Block SeaMax" dir=in action=block protocol=TCP localport=1610

🧯 If You Can't Patch

Implement strict network access controls to limit access to SeaMax port (1610/TCP) to trusted management systems only.
Monitor network traffic for anomalous packets to SeaMax service and implement rate limiting if possible.

🔍 How to Verify

Check if Vulnerable:

Check device firmware version via web interface: System > About. If version is exactly 1.3.34, device is vulnerable.

Check Version:

curl -s http://device-ip/system/about | grep 'Firmware Version'

Verify Fix Applied:

Verify firmware version is 1.3.35 or later in System > About. Test remote configuration functionality works without causing DoS.

📡 Detection & Monitoring

Log Indicators:

Device crash/restart logs
SeaMax service failure messages
Unusual packet size or malformed requests to port 1610

Network Indicators:

Multiple malformed TCP packets to port 1610
Sudden cessation of device communications after 1610 traffic

SIEM Query:

source="firewall" dest_port=1610 AND (packet_size>1500 OR tcp_flags="malformed")

📊 Metadata

CVE ID: CVE-2021-21965

CVSS v3 Score: 9.3 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:H

CWE: CWE-284

Published: February 4, 2022

Last Updated: November 21, 2024

🔗 References

https://talosintelligence.com/vulnerability_reports/TALOS-2021-1392 Exploit,Technical Description,Third Party Advisory
https://talosintelligence.com/vulnerability_reports/TALOS-2021-1392 Exploit,Technical Description,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-21965, you might also want to check these: