CVE-2021-41040

7.5 HIGH

📋 TL;DR

CVE-2021-41040 is an out-of-bounds read vulnerability in Eclipse Wakaama's CoAP parsing code that allows attackers to read sensitive memory contents. This affects all systems using vulnerable versions of Eclipse Wakaama for LwM2M device management. The vulnerability stems from improper sanitization of network-received data.

💻 Affected Systems

Products:
  • Eclipse Wakaama (formerly liblwm2m)
Versions: All versions before commit 8b2c5e9 (2021-01-14)
Operating Systems: All operating systems running Wakaama
Default Config Vulnerable: ⚠️ Yes
Notes: Affects both Wakaama client and server implementations that use the CoAP protocol.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution or sensitive information disclosure through memory corruption leading to complete system compromise.

🟠 Likely Case

Denial of service through application crashes or information disclosure of adjacent memory contents.

🟢 If Mitigated

Limited impact with proper network segmentation and input validation controls in place.

🌐 Internet-Facing: HIGH - CoAP is often exposed to networks and the vulnerability requires no authentication.
🏢 Internal Only: MEDIUM - Still significant risk within internal networks but potentially easier to contain.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires sending specially crafted CoAP packets but no authentication is needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Commit 8b2c5e9 and later (2021-01-14)

Vendor Advisory: https://bugs.eclipse.org/bugs/show_bug.cgi?id=577968

Restart Required: Yes

Instructions:

1. Update to Wakaama version with commit 8b2c5e9 or later.
2. Rebuild the application.
3. Restart affected services.
4. Verify the fix by checking version.

🔧 Temporary Workarounds

Network Segmentation

Platform: linux

Restrict CoAP traffic to trusted networks only (replace trusted_network with the trusted source address or CIDR range):

iptables -A INPUT -p udp --dport 5683 -s trusted_network -j ACCEPT
iptables -A INPUT -p udp --dport 5683 -j DROP

Input Validation Proxy

Platform: all

Deploy a proxy that validates CoAP packets before forwarding
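
A structural check that such a proxy could run on each datagram before forwarding, as an added example (not Wakaama's code or its fix). It enforces the header, token and option framing of RFC 7252; the function names and sample datagrams are constructed for illustration, and this page does not state which field triggers the out-of-bounds read.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Decode one option delta/length nibble (RFC 7252, section 3.1).
 * Returns 0 on success, -1 if reserved or if extension bytes are missing. */
static int read_ext(const uint8_t *buf, size_t len, size_t *pos,
                    uint8_t nibble, uint32_t *out)
{
    size_t need = nibble == 13 ? 1 : nibble == 14 ? 2 : 0;
    if (nibble == 15 || len - *pos < need) return -1;
    if (need == 0) *out = nibble;
    else if (need == 1) *out = 13u + buf[*pos];
    else *out = 269u + (((uint32_t)buf[*pos] << 8) | buf[*pos + 1]);
    *pos += need;
    return 0;
}

/* Returns 1 if buf holds a structurally valid CoAP message, else 0.
 * Invariant: pos <= len, so "len - pos" never underflows. */
int coap_is_well_formed(const uint8_t *buf, size_t len)
{
    if (buf == NULL || len < 4) return 0;        /* fixed 4-byte header */
    if ((buf[0] >> 6) != 1) return 0;            /* version must be 1 */
    size_t tkl = buf[0] & 0x0F;
    if (tkl > 8 || len - 4 < tkl) return 0;      /* token must fit */
    size_t pos = 4 + tkl;
    while (pos < len) {
        uint8_t b = buf[pos++];
        if (b == 0xFF) return pos < len;         /* marker needs payload */
        uint32_t delta, optlen;
        if (read_ext(buf, len, &pos, b >> 4, &delta)) return 0;
        if (read_ext(buf, len, &pos, b & 0x0F, &optlen)) return 0;
        if (len - pos < optlen) return 0;        /* option value must fit */
        pos += optlen;
    }
    return 1;
}

/* Constructed sample datagrams, not captured traffic. */
static const uint8_t sample_ok[] = {0x40, 0x01, 0x12, 0x34, 0xB4, 't', 'e', 's', 't'};
static const uint8_t sample_cut[] = {0x40, 0x01, 0x12, 0x34, 0xB4, 't', 'e', 's'};

int main(void)
{
    printf("ok=%d cut=%d\n", coap_is_well_formed(sample_ok, sizeof sample_ok),
           coap_is_well_formed(sample_cut, sizeof sample_cut));
    return 0;
}
```

A proxy would drop any datagram for which coap_is_well_formed returns 0 and log the source address for the monitoring described under Detection & Monitoring.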

🧯 If You Can't Patch

  • Implement strict network access controls to limit CoAP traffic
  • Monitor for abnormal CoAP packet patterns and application crashes

🔍 How to Verify

Check if Vulnerable:

Check if Wakaama version predates commit 8b2c5e9 (2021-01-14) by examining source code or build timestamps

Check Version:

Check build date or git commit hash in application logs or configuration

Verify Fix Applied:

Verify the application includes the fix from commit 8b2c5e9 by checking source code or version information

📡 Detection & Monitoring

Log Indicators:

  • Application crashes
  • Memory access violation errors
  • Abnormal CoAP packet processing logs

Network Indicators:

  • Malformed CoAP packets
  • Unusual CoAP traffic patterns
  • Traffic to CoAP port 5683 from untrusted sources

SIEM Query:

(source="*wakaama*" AND (error OR crash OR "memory violation")) OR (dest_port=5683 AND protocol="CoAP" AND packet_size>normal)
