Bluetooth Pairing Issue in Microchip RN4870 Devices
CVE-2024-29155

Currently unrated

Key Information:

Vendor

Microchip

Status
RN4870
Vendor
CVE Published:
16 October 2024

What is CVE-2024-29155?

Certain Microchip RN4870 devices are susceptible to a vulnerability that disrupts the Bluetooth pairing process when two consecutive PairReqNoInputNoOutput requests are made. An attacker can exploit this issue by injecting a second PairReqNoInputNoOutput request immediately after a legitimate one, resulting in the pairing being blocked and preventing successful connections. This flaw could lead to inconvenience and hinder device usability.

References

https://www.microchip.com/en-us/product/rn4870
https://ww1.microchip.com/downloads/aemDocuments/document...

Timeline

  • Vulnerability published

.
CVE-2024-29155 : Bluetooth Pairing Issue in Microchip RN4870 Devices