CVEs-PoC/2021/CVE-2021-21966.md

### [CVE-2021-21966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21966)
![](https://img.shields.io/static/v1?label=Product&message=Texas%20Instruments&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=Texas%20Instruments%20CC3200%20SimpleLink%20Solution%20NWP%202.9.0.0%2CSealevel%20Systems%2C%20Inc.%20SeaConnect%20370W%20v1.3.34%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-457%3A%20Use%20of%20Uninitialized%20Variable&color=brightgreen)

### Description

An information disclosure vulnerability exists in the HTTP Server /ping.html functionality of Texas Instruments CC3200 SimpleLink Solution NWP 2.9.0.0. A specially-crafted HTTP request can lead to an uninitialized read. An attacker can send an HTTP request to trigger this vulnerability.

### POC

#### Reference
- https://talosintelligence.com/vulnerability_reports/TALOS-2021-1393

#### Github
- https://github.com/muurk/smartap-revival