// For flags

CVE-2024-29155

Denial of service on Microchip RN4870 devices

Severity Score

4.3
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Track
*SSVC
Descriptions

On Microchip RN4870 devices, when more than one consecutive PairReqNoInputNoOutput request is
received, the device becomes incapable of completing the pairing
process. A third party can inject a second PairReqNoInputNoOutput request
just after a real one, causing the pair request to be blocked.

En los dispositivos Microchip RN4870, cuando se recibe más de una solicitud PairReqNoInputNoOutput consecutiva, el dispositivo no puede completar el proceso de emparejamiento. Un tercero puede inyectar una segunda solicitud PairReqNoInputNoOutput justo después de una real, lo que hace que la solicitud de emparejamiento se bloquee.

*Credits: Wu, Tianwei, Hussain Syed Rafiul, Ishtiaq, Abdullah Al, RASHID, SYED MD MUKIT, The Pennsylvania State University
CVSS Scores
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
Low
* Common Vulnerability Scoring System
SSVC
  • Decision:Track
Exploitation
None
Automatable
No
Tech. Impact
Partial
* Organization's Worst-case Scenario
Timeline
  • 2024-03-18 CVE Reserved
  • 2024-10-16 CVE Published
  • 2024-10-16 CVE Updated
  • 2024-10-17 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-20: Improper Input Validation
CAPEC
  • CAPEC-125: Flooding
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Microchip
Search vendor "Microchip"
 RN4870
Search vendor "Microchip" for product "RN4870"
 < 1.44
Search vendor "Microchip" for product "RN4870" and version " < 1.44"
en
Affected