CWE-941
Incorrectly Specified Destination in a Communication Channel
BaseIncomplete
Description
The product creates a communication channel to initiate an outgoing request to an actor, but it does not correctly specify the intended destination for that actor.
Hierarchy (View 1000)
Parents
Children
none
CVEs mapped to this weakness (5)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-34947 | Cri | 0.61 | 9.4 | 0.00 | May 20, 2024 | Quanxun Huiju Network Technology (Beijing) Co.,Ltd IK-Q3000 3.7.10 x64 Build202401261655 was discovered to be vulnerable to an ICMP redirect attack. | |
| CVE-2025-69515 | Cri | 0.59 | 9.1 | 0.00 | Apr 7, 2026 | An issue in JXL 9 Inch Car Android Double Din Player Android v12.0 allows attackers to force the infotainment system into accepting falsified GPS signals as legitimate, resulting in the device reporting an incorrect or static location. | |
| CVE-2024-29415 | Hig | 0.52 | 8.1 | 0.85 | May 27, 2024 | The ip package through 2.0.1 for Node.js might allow SSRF because some IP addresses (such as 127.1, 01200034567, 012.1.2.3, 000:0:0000::01, and ::fFFf:127.0.0.1) are improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for CVE-2023-42282. | |
| CVE-2026-40118 | Med | 0.41 | 6.3 | 0.00 | Apr 16, 2026 | UDP Console provided by Arcserve contains an incorrectly specified destination in a communication channel vulnerability. When a user configures an activation server hostname of the affected product to a dummy URL, the product may unintentionally communicate with the dummy domain, causing information disclosure. | |
| CVE-2025-0036 | Low | 0.21 | 3.2 | 0.00 | Jun 10, 2025 | In AMD Versal Adaptive SoC devices, the incorrect configuration of the SSS during runtime (post-boot) cryptographic operations could cause data to be incorrectly written to and read from invalid locations as well as returning incorrect cryptographic data. |