VYPR

RN4870

by Microchip

CVEs (7)

  • CVE-2024-29155MedOct 16, 2024
    risk 0.28cvss 4.3epss 0.00

    On Microchip RN4870 devices, when more than one consecutive PairReqNoInputNoOutput request is received, the device becomes incapable of completing the pairing process. A third party can inject a second PairReqNoInputNoOutput request just after a real one, causing the pair…

  • CVE-2022-45191Feb 7, 2023
    risk 0.00cvss epss 0.00

    An issue was discovered on Microchip RN4870 1.43 devices. An attacker within BLE radio range can cause a denial of service by sending a pair confirm message with wrong values.

  • CVE-2022-45190Feb 7, 2023
    risk 0.00cvss epss 0.00

    An issue was discovered on Microchip RN4870 1.43 devices. An attacker within BLE radio range can bypass passkey entry in the legacy pairing of the device.

  • CVE-2022-45192Feb 7, 2023
    risk 0.00cvss epss 0.00

    An issue was discovered on Microchip RN4870 1.43 devices. An attacker within BLE radio range can cause a denial of service by sending a cleartext encryption pause request.

  • CVE-2022-46400Dec 19, 2022
    risk 0.00cvss epss 0.01

    The Microchip RN4870 module firmware 1.43 (and the Microchip PIC LightBlue Explorer Demo 4.2 DT100112) allows attackers to bypass passkey entry in legacy pairing.

  • CVE-2022-46402Dec 19, 2022
    risk 0.00cvss epss 0.00

    The Microchip RN4870 module firmware 1.43 (and the Microchip PIC LightBlue Explorer Demo 4.2 DT100112) accepts PairCon_rmSend with incorrect values.

  • CVE-2022-46399Dec 19, 2022
    risk 0.00cvss epss 0.01

    The Microchip RN4870 module firmware 1.43 (and the Microchip PIC LightBlue Explorer Demo 4.2 DT100112) is unresponsive with ConReqTimeoutZero.