4.3
CVE-2024-29155
- EPSS 0.23%
- Veröffentlicht 16.10.2024 16:15:03
- Zuletzt bearbeitet 15.04.2026 00:35:42
- Quelle dc3f6da9-85b5-4a73-84a2-2ec90b
- CVE-Watchlists
- Unerledigt
Denial of service on Microchip RN4870 devices
On Microchip RN4870 devices, when more than one consecutive PairReqNoInputNoOutput request is received, the device becomes incapable of completing the pairing process. A third party can inject a second PairReqNoInputNoOutput request just after a real one, causing the pair request to be blocked.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerMicrochip
≫
Produkt
RN4870
Default Statusunaffected
Version
0
Version <
1.44
Status
affected
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.23% | 0.129 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| dc3f6da9-85b5-4a73-84a2-2ec90b40fca5 | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
|
CWE-239 Failure to Handle Incomplete Element
The product does not properly handle when a particular element is not completely specified.
https://ww1.microchip.com/downloads/aemDocuments/documents/WSG/ProductDocuments/SoftwareLibraries/Firmware/RN4870-71-Firmware-1.44.zip
https://www.microchip.com/en-us/product/rn4870