CWE-941
Incorrectly Specified Destination in a Communication Channel
Description
The product creates a communication channel to initiate an outgoing request to an actor, but it does not correctly specify the intended destination for that actor.
Hierarchy (View 1000)
Parents
Children
none
CVEs mapped to this weakness (6)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-34947 | Cri | 0.61 | 9.4 | 0.00 | May 20, 2024 | Quanxun Huiju Network Technology (Beijing) Co.,Ltd IK-Q3000 3.7.10 x64 Build202401261655 was discovered to be vulnerable to an ICMP redirect attack. | ||
| CVE-2025-69515 | — | Cri | 0.59 | 9.1 | 0.01 | Apr 7, 2026 | An issue in JXL 9 Inch Car Android Double Din Player Android v12.0 allows attackers to force the infotainment system into accepting falsified GPS signals as legitimate, resulting in the device reporting an incorrect or static location. | |
| CVE-2024-29415 | Hig | 0.52 | 8.1 | 0.08 | May 27, 2024 | The ip package through 2.0.1 for Node.js might allow SSRF because some IP addresses (such as 127.1, 01200034567, 012.1.2.3, 000:0:0000::01, and ::fFFf:127.0.0.1) are improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix… | ||
| CVE-2026-40118 | Med | 0.41 | 6.3 | 0.00 | Apr 16, 2026 | UDP Console provided by Arcserve contains an incorrectly specified destination in a communication channel vulnerability. When a user configures an activation server hostname of the affected product to a dummy URL, the product may unintentionally communicate with the dummy… | ||
| CVE-2025-0036 | Low | 0.21 | 3.2 | 0.00 | Jun 10, 2025 | In AMD Versal Adaptive SoC devices, the incorrect configuration of the SSS during runtime (post-boot) cryptographic operations could cause data to be incorrectly written to and read from invalid locations as well as returning incorrect cryptographic data. | ||
| CVE-2022-4847 | — | 0.00 | — | 0.01 | Dec 29, 2022 | Incorrectly Specified Destination in a Communication Channel in GitHub repository usememos/memos prior to 0.9.1. |
- risk 0.61cvss 9.4epss 0.00
Quanxun Huiju Network Technology (Beijing) Co.,Ltd IK-Q3000 3.7.10 x64 Build202401261655 was discovered to be vulnerable to an ICMP redirect attack.
- risk 0.59cvss 9.1epss 0.01
An issue in JXL 9 Inch Car Android Double Din Player Android v12.0 allows attackers to force the infotainment system into accepting falsified GPS signals as legitimate, resulting in the device reporting an incorrect or static location.
- risk 0.52cvss 8.1epss 0.08
The ip package through 2.0.1 for Node.js might allow SSRF because some IP addresses (such as 127.1, 01200034567, 012.1.2.3, 000:0:0000::01, and ::fFFf:127.0.0.1) are improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix…
- risk 0.41cvss 6.3epss 0.00
UDP Console provided by Arcserve contains an incorrectly specified destination in a communication channel vulnerability. When a user configures an activation server hostname of the affected product to a dummy URL, the product may unintentionally communicate with the dummy…
- risk 0.21cvss 3.2epss 0.00
In AMD Versal Adaptive SoC devices, the incorrect configuration of the SSS during runtime (post-boot) cryptographic operations could cause data to be incorrectly written to and read from invalid locations as well as returning incorrect cryptographic data.
- CVE-2022-4847Dec 29, 2022risk 0.00cvss —epss 0.01
Incorrectly Specified Destination in a Communication Channel in GitHub repository usememos/memos prior to 0.9.1.