CVE-2021-35520

medium

Description

A Buffer Overflow in Thrift command handlers in IDEMIA Morpho Wave Compact and VisionPass devices before 2.6.2 allows physically proximate authenticated attackers to achieve code execution, denial of services, and information disclosure via serial ports.

References

https://www.idemia.com

https://biometricdevices.idemia.com/s/global-search/0696700000JJa1nAAD?sharing=true

https://biometricdevices.idemia.com/s/global-search/0696700000JJa0zAAD?sharing=true

Details

Source: Mitre, NVD

Published: 2021-07-22

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 4.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 6.2

Vector: CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Severity: Medium

EPSS

EPSS: 0.00092