CWE-239
Failure to Handle Incomplete Element
VariantDraft
Description
The product does not properly handle when a particular element is not completely specified.
Hierarchy (View 1000)
Parents
Children
none
CVEs mapped to this weakness (2)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-41724 | Hig | 0.49 | 7.5 | 0.00 | Oct 22, 2025 | An unauthenticated remote attacker can crash the wscserver by sending incomplete SOAP requests. The wscserver process will not be restarted by a watchdog and a device reboot is necessary to make it work again. | |
| CVE-2024-29155 | Med | 0.28 | 4.3 | 0.00 | Oct 16, 2024 | On Microchip RN4870 devices, when more than one consecutive PairReqNoInputNoOutput request is received, the device becomes incapable of completing the pairing process. A third party can inject a second PairReqNoInputNoOutput request just after a real one, causing the pair request to be blocked. |