{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-29155","assignerOrgId":"dc3f6da9-85b5-4a73-84a2-2ec90b40fca5","state":"PUBLISHED","assignerShortName":"Microchip","dateReserved":"2024-03-18T06:11:27.983Z","datePublished":"2024-10-16T15:51:11.819Z","dateUpdated":"2025-09-02T14:11:05.181Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"RN4870","vendor":"Microchip","versions":[{"lessThan":"1.44","status":"affected","version":"0","versionType":"semver"}]}],"credits":[{"lang":"en","type":"finder","value":"Wu, Tianwei"},{"lang":"en","type":"finder","value":"Hussain Syed Rafiul"},{"lang":"en","type":"finder","value":"Ishtiaq, Abdullah Al"},{"lang":"en","type":"finder","value":"RASHID, SYED MD MUKIT"},{"lang":"en","type":"reporter","value":"The Pennsylvania State University"}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"On Microchip RN4870 devices, when more than one consecutive PairReqNoInputNoOutput request is \nreceived, the device becomes incapable of completing the pairing \nprocess. A third party can inject a second PairReqNoInputNoOutput request \njust after a real one, causing the pair request to be blocked."}],"value":"On Microchip RN4870 devices, when more than one consecutive PairReqNoInputNoOutput request is \nreceived, the device becomes incapable of completing the pairing \nprocess. A third party can inject a second PairReqNoInputNoOutput request \njust after a real one, causing the pair request to be blocked."}],"impacts":[{"capecId":"CAPEC-125","descriptions":[{"lang":"en","value":"CAPEC-125 Flooding"}]}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"ADJACENT_NETWORK","availabilityImpact":"LOW","baseScore":4.3,"baseSeverity":"MEDIUM","confidentialityImpact":"NONE","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-239","description":"CWE-239","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"dc3f6da9-85b5-4a73-84a2-2ec90b40fca5","shortName":"Microchip","dateUpdated":"2025-08-29T20:19:19.590Z"},"references":[{"tags":["product"],"url":"https://www.microchip.com/en-us/product/rn4870"},{"tags":["release-notes","product","technical-description"],"url":"https://ww1.microchip.com/downloads/aemDocuments/documents/WSG/ProductDocuments/SoftwareLibraries/Firmware/RN4870-71-Firmware-1.44.zip"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Update to firmware version 1.44 or higher.<br>"}],"value":"Update to firmware version 1.44 or higher."}],"source":{"advisory":"PSIRT-37","discovery":"UNKNOWN"},"title":"Denial of service on Microchip RN4870 devices","x_generator":{"engine":"Vulnogram 0.2.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-10-16T17:13:24.313288Z","id":"CVE-2024-29155","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-09-02T14:11:05.181Z"}}]}}