17 matches found
CVE-2024-29862
The Kerlink firewall in ChirpStack chirpstack-mqtt-forwarder before 4.2.1 and chirpstack-gateway-bridge before 4.0.11 wrongly accepts certain TCP packets when a connection is not in the ESTABLISHED state...
CVE-2020-28349
An inaccurate frame deduplication process in ChirpStack Network Server 3.9.0 allows a malicious gateway to perform uplink Denial of Service via malformed frequency attributes in CollectAndCallOnceCollect in internal/uplink/collect.go. NOTE: the vendor's position is that there are no "guarantees...
Firewall Bypass
github.com/chirpstack/chirpstack-gateway-bridge/ is vulnerable to Firewall Bypass. The vulnerability is due to the firewall accepting specific TCP packets outside the ESTABLISHED connection state...
CVE-2024-29862
The Kerlink firewall in ChirpStack chirpstack-mqtt-forwarder before 4.2.1 and chirpstack-gateway-bridge before 4.0.11 wrongly accepts certain TCP packets when a connection is not in the ESTABLISHED state...
CVE-2024-29862
The Kerlink firewall in ChirpStack chirpstack-mqtt-forwarder before 4.2.1 and chirpstack-gateway-bridge before 4.0.11 wrongly accepts certain TCP packets when a connection is not in the ESTABLISHED state...
CVE-2024-29862
The Kerlink firewall in ChirpStack chirpstack-mqtt-forwarder before 4.2.1 and chirpstack-gateway-bridge before 4.0.11 wrongly accepts certain TCP packets when a connection is not in the ESTABLISHED state...
ChirpStack MQTT Forwarder Security Vulnerability
ChirpStack MQTT Forwarder is a ChirpStack open source forwarder that can be installed on a gateway to forward LoRa data via MQTT. A security vulnerability exists in ChirpStack MQTT Forwarder versions prior to 4.2.1 and chirpstack-gateway-bridge versions prior to 4.0.11, which stems from a Kerlink...
PT-2024-23088 · Kerlink +1 · Kerlink Firewall +2
Name of the Vulnerable Software and Affected Versions: ChirpStack chirpstack-mqtt-forwarder versions 4.2.0 and earlier; ChirpStack chirpstack-gateway-bridge versions 4.0.10 and earlier. Description: The Kerlink firewall in ChirpStack wrongly accepts certain TCP packets when a connection is not in t...
CVE-2024-29862
The Kerlink firewall in ChirpStack chirpstack-mqtt-forwarder before 4.2.1 and chirpstack-gateway-bridge before 4.0.11 wrongly accepts certain TCP packets when a connection is not in the ESTABLISHED state...
CVE-2024-29862
The CVE describes a logic flaw in the Kerlink firewall used by ChirpStack components: the forwarder (chirpstack-mqtt-forwarder) and the gateway bridge (chirpstack-gateway-bridge) may incorrectly accept certain TCP packets when the TCP connection is not in the ESTABLISHED state. Affected versions ...
CVE-2020-28349
An inaccurate frame deduplication process in ChirpStack Network Server 3.9.0 allows a malicious gateway to perform uplink Denial of Service via malformed frequency attributes in CollectAndCallOnceCollect in internal/uplink/collect.go. NOTE: the vendor's position is that there are no "guarantees...
CVE-2020-28349
An inaccurate frame deduplication process in ChirpStack Network Server 3.9.0 allows a malicious gateway to perform uplink Denial of Service via malformed frequency attributes in CollectAndCallOnceCollect in internal/uplink/collect.go. NOTE: the vendor's position is that there are no "guarantees...
Design/Logic Flaw
An inaccurate frame deduplication process in ChirpStack Network Server 3.9.0 allows a malicious gateway to perform uplink Denial of Service via malformed frequency attributes in CollectAndCallOnceCollect in internal/uplink/collect.go. NOTE: the vendor's position is that there are no "guarantees...
CVE-2020-28349
CVE-2020-28349 affects ChirpStack Network Server 3.9.0. The issue is an inaccurate frame deduplication in internal/uplink/collect.go, allowing a malicious gateway to cause uplink DoS via malformed frequency attributes in CollectAndCallOnceCollect. Public sources (Red Hat, Veracode, CNVD, PT-Secur...
CVE-2020-28349
An inaccurate frame deduplication process in ChirpStack Network Server 3.9.0 allows a malicious gateway to perform uplink Denial of Service via malformed frequency attributes in CollectAndCallOnceCollect in internal/uplink/collect.go. NOTE: the vendor's position is that there are no "guarantees...
ChirpStack Network Server Denial of Service Vulnerability
ChirpStack Network Server is an open source LoRaWAN service for individual developers. The software is used in the wireless connectivity aspect of the Internet of Things and is characterized by low power consumption, long range and high capacity. A security vulnerability exists in ChirpStack...
PT-2020-16991 · Chirpstack · Chirpstack Network Server
Name of the Vulnerable Software and Affected Versions: ChirpStack Network Server version 3.9.0. Description: The issue is related to an inaccurate frame deduplication process, allowing a malicious gateway to perform an uplink Denial of Service via malformed frequency attributes in the...