CVE-2024-29155

4.3 MEDIUM

Published: October 16, 2024 Modified: April 15, 2026

Description

On Microchip RN4870 devices, when more than one consecutive PairReqNoInputNoOutput request is received, the device becomes incapable of completing the pairing process. A third party can inject a second PairReqNoInputNoOutput request just after a real one, causing the pair request to be blocked.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0

Vector String

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

https://ww1.microchip.com/downloads/aemDocuments/documents/WSG/ProductDocuments/SoftwareLibraries/Firmware/RN4870-71-Firmware-1.44.zip

Source: dc3f6da9-85b5-4a73-84a2-2ec90b40fca5

https://www.microchip.com/en-us/product/rn4870

Source: dc3f6da9-85b5-4a73-84a2-2ec90b40fca5

2 reference(s) from NVD

Quick Stats

CVSS v3 Score

4.3 / 10.0

EPSS (Exploit Probability)

0.1%

25th percentile

Exploitation Status

Not in CISA KEV

Weaknesses (CWE)

CWE-239

Related CVEs

CVE-2026-40948 N/A

CVE-2026-2986 6.4

CVE-2026-2505 5.4

CVE-2026-0894 6.4

CVE-2026-41254 4.0