CWE-239
Failure to Handle Incomplete Element
VariantDraft
Description
The product does not properly handle when a particular element is not completely specified.
Hierarchy (View 1000)
Parents
Children
none
CVEs mapped to this weakness (2)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-41724 | — | Hig | 0.49 | 7.5 | 0.00 | Oct 22, 2025 | An unauthenticated remote attacker can crash the wscserver by sending incomplete SOAP requests. The wscserver process will not be restarted by a watchdog and a device reboot is necessary to make it work again. | |
| CVE-2024-29155 | Med | 0.28 | 4.3 | 0.00 | Oct 16, 2024 | On Microchip RN4870 devices, when more than one consecutive PairReqNoInputNoOutput request is received, the device becomes incapable of completing the pairing process. A third party can inject a second PairReqNoInputNoOutput request just after a real one, causing the pair… |
- risk 0.49cvss 7.5epss 0.00
An unauthenticated remote attacker can crash the wscserver by sending incomplete SOAP requests. The wscserver process will not be restarted by a watchdog and a device reboot is necessary to make it work again.
- risk 0.28cvss 4.3epss 0.00
On Microchip RN4870 devices, when more than one consecutive PairReqNoInputNoOutput request is received, the device becomes incapable of completing the pairing process. A third party can inject a second PairReqNoInputNoOutput request just after a real one, causing the pair…