RN4870
by Microchip
CVEs (7)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-29155 | Med | 0.28 | 4.3 | 0.00 | Oct 16, 2024 | On Microchip RN4870 devices, when more than one consecutive PairReqNoInputNoOutput request is received, the device becomes incapable of completing the pairing process. A third party can inject a second PairReqNoInputNoOutput request just after a real one, causing the pair… | ||
| CVE-2022-45191 | 0.00 | — | 0.00 | Feb 7, 2023 | An issue was discovered on Microchip RN4870 1.43 devices. An attacker within BLE radio range can cause a denial of service by sending a pair confirm message with wrong values. | |||
| CVE-2022-45190 | 0.00 | — | 0.00 | Feb 7, 2023 | An issue was discovered on Microchip RN4870 1.43 devices. An attacker within BLE radio range can bypass passkey entry in the legacy pairing of the device. | |||
| CVE-2022-45192 | 0.00 | — | 0.00 | Feb 7, 2023 | An issue was discovered on Microchip RN4870 1.43 devices. An attacker within BLE radio range can cause a denial of service by sending a cleartext encryption pause request. | |||
| CVE-2022-46400 | 0.00 | — | 0.01 | Dec 19, 2022 | The Microchip RN4870 module firmware 1.43 (and the Microchip PIC LightBlue Explorer Demo 4.2 DT100112) allows attackers to bypass passkey entry in legacy pairing. | |||
| CVE-2022-46402 | 0.00 | — | 0.00 | Dec 19, 2022 | The Microchip RN4870 module firmware 1.43 (and the Microchip PIC LightBlue Explorer Demo 4.2 DT100112) accepts PairCon_rmSend with incorrect values. | |||
| CVE-2022-46399 | 0.00 | — | 0.01 | Dec 19, 2022 | The Microchip RN4870 module firmware 1.43 (and the Microchip PIC LightBlue Explorer Demo 4.2 DT100112) is unresponsive with ConReqTimeoutZero. |
- risk 0.28cvss 4.3epss 0.00
On Microchip RN4870 devices, when more than one consecutive PairReqNoInputNoOutput request is received, the device becomes incapable of completing the pairing process. A third party can inject a second PairReqNoInputNoOutput request just after a real one, causing the pair…
- CVE-2022-45191Feb 7, 2023risk 0.00cvss —epss 0.00
An issue was discovered on Microchip RN4870 1.43 devices. An attacker within BLE radio range can cause a denial of service by sending a pair confirm message with wrong values.
- CVE-2022-45190Feb 7, 2023risk 0.00cvss —epss 0.00
An issue was discovered on Microchip RN4870 1.43 devices. An attacker within BLE radio range can bypass passkey entry in the legacy pairing of the device.
- CVE-2022-45192Feb 7, 2023risk 0.00cvss —epss 0.00
An issue was discovered on Microchip RN4870 1.43 devices. An attacker within BLE radio range can cause a denial of service by sending a cleartext encryption pause request.
- CVE-2022-46400Dec 19, 2022risk 0.00cvss —epss 0.01
The Microchip RN4870 module firmware 1.43 (and the Microchip PIC LightBlue Explorer Demo 4.2 DT100112) allows attackers to bypass passkey entry in legacy pairing.
- CVE-2022-46402Dec 19, 2022risk 0.00cvss —epss 0.00
The Microchip RN4870 module firmware 1.43 (and the Microchip PIC LightBlue Explorer Demo 4.2 DT100112) accepts PairCon_rmSend with incorrect values.
- CVE-2022-46399Dec 19, 2022risk 0.00cvss —epss 0.01
The Microchip RN4870 module firmware 1.43 (and the Microchip PIC LightBlue Explorer Demo 4.2 DT100112) is unresponsive with ConReqTimeoutZero.