On Microchip RN4870 devices, when more than one consecutive PairReqNoInputNoOutput request is
received, the device becomes incapable of completing the pairing
process. A third party can inject a second PairReqNoInputNoOutput request
just after a real one, causing the pair request to be blocked.
Fixes

Solution

Update to firmware version 1.44 or higher.


Workaround

No workaround given by the vendor.

History

Fri, 29 Aug 2025 21:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-20

Fri, 29 Aug 2025 20:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-239

Sat, 12 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.00068}

epss

{'score': 0.00075}


Wed, 16 Oct 2024 18:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 16 Oct 2024 16:00:00 +0000

Type Values Removed Values Added
Description On Microchip RN4870 devices, when more than one consecutive PairReqNoInputNoOutput request is received, the device becomes incapable of completing the pairing process. A third party can inject a second PairReqNoInputNoOutput request just after a real one, causing the pair request to be blocked.
Title Denial of service on Microchip RN4870 devices
Weaknesses CWE-20
References
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L'}


cve-icon MITRE

Status: PUBLISHED

Assigner: Microchip

Published:

Updated: 2025-09-02T14:11:05.181Z

Reserved: 2024-03-18T06:11:27.983Z

Link: CVE-2024-29155

cve-icon Vulnrichment

Updated: 2024-10-16T17:13:30.510Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-10-16T16:15:03.630

Modified: 2025-08-29T21:15:33.510

Link: CVE-2024-29155

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2025-07-12T22:00:46Z