CVE-2026-7763
Awaiting Analysis Awaiting Analysis - Queue
Heap-based Buffer Overflow in Morse Micro HaLowLink

Publication date: 2026-06-05

Last updated on: 2026-06-05

Assigner: Bugcrowd Inc.

Description
A heap-based buffer overflow vulnerability in the morse.ko HaLow Wi-Fi kernel driver in Morse Micro HaLowLink 2 software versions prior to 2.11.13 allows an unauthenticated attacker within radio range to cause a Denial of Service (kernel panic) or potentially achieve Remote Code Execution via a crafted 802.11ah beacon frame containing a malformed Traffic Indication Map (TIM) Information Element. The function morse_page_slicing_process_tim_element() in page_slicing.c derives the TIM bitmap length directly from a received IE field without validating it against the fixed-size destination buffer before passing it to memset and memcpy operations, allowing up to 252 bytes of attacker-controlled data to be written beyond the buffer boundary. Because beacons are broadcast frames processed during passive scanning, no authentication, association, or user interaction is required.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-05
Last Modified
2026-06-05
Generated
2026-06-25
AI Q&A
2026-06-05
EPSS Evaluated
2026-06-24
NVD
CVE-2026-7763
EUVD
EUVD-2026-34781
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
morse_micro halowlink_2 to 2.11.13 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-7763 is a heap-based buffer overflow vulnerability in the morse.ko HaLow Wi-Fi kernel driver used in Morse Micro HaLowLink 2 software versions before 2.11.13.

An unauthenticated attacker within radio range can exploit this vulnerability by sending a specially crafted 802.11ah beacon frame containing a malformed Traffic Indication Map (TIM) Information Element.

The vulnerability arises because the function morse_page_slicing_process_tim_element() derives the TIM bitmap length directly from the received IE field without validating it against the fixed-size destination buffer. This leads to up to 252 bytes of attacker-controlled data being written beyond the buffer boundary during memset and memcpy operations.

Since beacon frames are broadcast and processed during passive scanning, no authentication, association, or user interaction is required to exploit this flaw.

Impact Analysis

Exploitation of this vulnerability can cause a Denial of Service (DoS) by triggering a kernel panic in the affected device.

Additionally, it may allow an attacker to achieve Remote Code Execution (RCE), potentially gaining control over the device.

Because the attack requires only being within radio range and no authentication, it poses a significant security risk to devices running vulnerable versions of HaLowLink 2.

Detection Guidance

This vulnerability is exploited by sending a maliciously crafted 802.11ah beacon frame containing a malformed Traffic Indication Map (TIM) Information Element. Detection would involve monitoring for unusual or malformed 802.11ah beacon frames with abnormal TIM IE lengths.

Since the vulnerability occurs in the morse.ko HaLow Wi-Fi kernel driver during passive scanning of beacon frames, network detection tools that can capture and analyze 802.11ah beacon frames for malformed TIM IEs could help identify attempts to exploit this issue.

Specific commands are not provided in the available resources.

Mitigation Strategies

The primary mitigation step is to upgrade the Morse Micro HaLowLink 2 software to version 2.11.13 or later, where this vulnerability has been resolved.

Until the upgrade can be applied, limiting exposure by restricting radio range access or disabling the affected HaLow Wi-Fi functionality may reduce risk.

Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-7763. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart