Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
2 vulnerabilities found for RN4870 by Microchip
CVE-2024-29155 (GCVE-0-2024-29155)
Vulnerability from nvd – Published: 2024-10-16 15:51 – Updated: 2025-09-02 14:11
VLAI
Title
Denial of service on Microchip RN4870 devices
Summary
On Microchip RN4870 devices, when more than one consecutive PairReqNoInputNoOutput request is
received, the device becomes incapable of completing the pairing
process. A third party can inject a second PairReqNoInputNoOutput request
just after a real one, causing the pair request to be blocked.
Severity
4.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.microchip.com/en-us/product/rn4870 | product |
| https://ww1.microchip.com/downloads/aemDocuments/… | release-notesproducttechnical-description |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-29155",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-16T17:13:24.313288Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-02T14:11:05.181Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "RN4870",
"vendor": "Microchip",
"versions": [
{
"lessThan": "1.44",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Wu, Tianwei"
},
{
"lang": "en",
"type": "finder",
"value": "Hussain Syed Rafiul"
},
{
"lang": "en",
"type": "finder",
"value": "Ishtiaq, Abdullah Al"
},
{
"lang": "en",
"type": "finder",
"value": "RASHID, SYED MD MUKIT"
},
{
"lang": "en",
"type": "reporter",
"value": "The Pennsylvania State University"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "On Microchip RN4870 devices, when more than one consecutive PairReqNoInputNoOutput request is \nreceived, the device becomes incapable of completing the pairing \nprocess. A third party can inject a second PairReqNoInputNoOutput request \njust after a real one, causing the pair request to be blocked."
}
],
"value": "On Microchip RN4870 devices, when more than one consecutive PairReqNoInputNoOutput request is \nreceived, the device becomes incapable of completing the pairing \nprocess. A third party can inject a second PairReqNoInputNoOutput request \njust after a real one, causing the pair request to be blocked."
}
],
"impacts": [
{
"capecId": "CAPEC-125",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-125 Flooding"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-239",
"description": "CWE-239",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-29T20:19:19.590Z",
"orgId": "dc3f6da9-85b5-4a73-84a2-2ec90b40fca5",
"shortName": "Microchip"
},
"references": [
{
"tags": [
"product"
],
"url": "https://www.microchip.com/en-us/product/rn4870"
},
{
"tags": [
"release-notes",
"product",
"technical-description"
],
"url": "https://ww1.microchip.com/downloads/aemDocuments/documents/WSG/ProductDocuments/SoftwareLibraries/Firmware/RN4870-71-Firmware-1.44.zip"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to firmware version 1.44 or higher.\u003cbr\u003e"
}
],
"value": "Update to firmware version 1.44 or higher."
}
],
"source": {
"advisory": "PSIRT-37",
"discovery": "UNKNOWN"
},
"title": "Denial of service on Microchip RN4870 devices",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dc3f6da9-85b5-4a73-84a2-2ec90b40fca5",
"assignerShortName": "Microchip",
"cveId": "CVE-2024-29155",
"datePublished": "2024-10-16T15:51:11.819Z",
"dateReserved": "2024-03-18T06:11:27.983Z",
"dateUpdated": "2025-09-02T14:11:05.181Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-29155 (GCVE-0-2024-29155)
Vulnerability from cvelistv5 – Published: 2024-10-16 15:51 – Updated: 2025-09-02 14:11
VLAI
Title
Denial of service on Microchip RN4870 devices
Summary
On Microchip RN4870 devices, when more than one consecutive PairReqNoInputNoOutput request is
received, the device becomes incapable of completing the pairing
process. A third party can inject a second PairReqNoInputNoOutput request
just after a real one, causing the pair request to be blocked.
Severity
4.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.microchip.com/en-us/product/rn4870 | product |
| https://ww1.microchip.com/downloads/aemDocuments/… | release-notesproducttechnical-description |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-29155",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-16T17:13:24.313288Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-02T14:11:05.181Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "RN4870",
"vendor": "Microchip",
"versions": [
{
"lessThan": "1.44",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Wu, Tianwei"
},
{
"lang": "en",
"type": "finder",
"value": "Hussain Syed Rafiul"
},
{
"lang": "en",
"type": "finder",
"value": "Ishtiaq, Abdullah Al"
},
{
"lang": "en",
"type": "finder",
"value": "RASHID, SYED MD MUKIT"
},
{
"lang": "en",
"type": "reporter",
"value": "The Pennsylvania State University"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "On Microchip RN4870 devices, when more than one consecutive PairReqNoInputNoOutput request is \nreceived, the device becomes incapable of completing the pairing \nprocess. A third party can inject a second PairReqNoInputNoOutput request \njust after a real one, causing the pair request to be blocked."
}
],
"value": "On Microchip RN4870 devices, when more than one consecutive PairReqNoInputNoOutput request is \nreceived, the device becomes incapable of completing the pairing \nprocess. A third party can inject a second PairReqNoInputNoOutput request \njust after a real one, causing the pair request to be blocked."
}
],
"impacts": [
{
"capecId": "CAPEC-125",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-125 Flooding"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-239",
"description": "CWE-239",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-29T20:19:19.590Z",
"orgId": "dc3f6da9-85b5-4a73-84a2-2ec90b40fca5",
"shortName": "Microchip"
},
"references": [
{
"tags": [
"product"
],
"url": "https://www.microchip.com/en-us/product/rn4870"
},
{
"tags": [
"release-notes",
"product",
"technical-description"
],
"url": "https://ww1.microchip.com/downloads/aemDocuments/documents/WSG/ProductDocuments/SoftwareLibraries/Firmware/RN4870-71-Firmware-1.44.zip"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to firmware version 1.44 or higher.\u003cbr\u003e"
}
],
"value": "Update to firmware version 1.44 or higher."
}
],
"source": {
"advisory": "PSIRT-37",
"discovery": "UNKNOWN"
},
"title": "Denial of service on Microchip RN4870 devices",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dc3f6da9-85b5-4a73-84a2-2ec90b40fca5",
"assignerShortName": "Microchip",
"cveId": "CVE-2024-29155",
"datePublished": "2024-10-16T15:51:11.819Z",
"dateReserved": "2024-03-18T06:11:27.983Z",
"dateUpdated": "2025-09-02T14:11:05.181Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}