Texas Instrument Microcontrollers (CC2640 and CC2650) vulnerability made vendor headache! (Nov 2018)

As time goes by, we seen the cyber security coverage not limit to desktop, notebook and server. Even though WiFi chip set will be involved zero day vulnerability management cycle. Texas Instrument Microcontrollers expose that CC2640 and CC2650 has vulnerable to cyber attack. If the incoming data is over a certain length and continuous execution. As a result, it will copy the overly large packet to the buffer and cause a variable and heap overflow.This memory corruption can lead to code execution on the main CPU of the device, which could have the potential to affect other devices across a network if the origin is a networked device.
This vulnerability was patched in BLE-Stack v2.2.2 released by Texas Instruments on March 28, 2018. Affected devices will require a firmware update to obtain the updated BLE-Stack. However Cisco and other hardware manufacture just announce the remedy solution this week. Sound strange! Regarding to the announcement by Cisco, the Aironet Access Points and Meraki AP are the victim of this vulnerability. Should you have interest to find out the technical details, please refer below URL for reference.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181101-ap