MAL-2026-3255 Malicious code in @enterprise-core/auth-gateway-bridge (npm)

Dependency confusion and typosquatting campaign by threat actor "saif777". Packages use inflated version numbers 9999.9999.9999, 9999.9999.10000, 50.50.50, 7.66.5 to win version resolution in environments with private registries. All active packages execute a postinstall hook "node index.js" that...

Firewall Bypass

github.com/chirpstack/chirpstack-gateway-bridge/ is vulnerable to Firewall Bypass. The vulnerability is due to the firewall accepting specific TCP packets outside the ESTABLISHED connection state...

CVE-2024-29862

The Kerlink firewall in ChirpStack chirpstack-mqtt-forwarder before 4.2.1 and chirpstack-gateway-bridge before 4.0.11 wrongly accepts certain TCP packets when a connection is not in the ESTABLISHED state...

ChirpStack MQTT Forwarder 安全漏洞

ChirpStack MQTT Forwarder is a ChirpStack open source forwarder that can be installed on a gateway to forward LoRa data via MQTT. A security vulnerability exists in ChirpStack MQTT Forwarder versions prior to 4.2.1, chirpstack-gateway-bridge versions prior to 4.0.11, which stems from a Kerlink...

CVE-2024-29862

The CVE describes a logic flaw in the Kerlink firewall used by ChirpStack components: the forwarder (chirpstack-mqtt-forwarder) and the gateway bridge (chirpstack-gateway-bridge) may incorrectly accept certain TCP packets when the TCP connection is not in the ESTABLISHED state. Affected versions ...