8 matches found
CVE-2022-45192
The CVE-2022-45192 entry describes a vulnerability in Microchip RN4870, version 1.43, where an attacker within BLE radio range can cause a denial of service by sending a cleartext encryption pause request. The available documents consistently name the RN4870 1.43 device and the cleartext encrypti...
CVE-2022-46399
The CVE-2022-46399 issue affects Microchip RN4870 module firmware version 1.43 and the Microchip PIC LightBlue Explorer Demo version 4.2 DT100112, described as an unresponsive state caused by ConReqTimeoutZero. The vulnerability is documented with a CVSS v3.1 base score of 7.5 (HIGH) and an adjac...
CVE-2022-46401
The CVE-2022-46401 affects Microchip RN4870 module firmware v1.43 and the Microchip PIC LightBlue Explorer Demo v4.2 DT100112, where PauseEncReqPlainText is accepted before pairing is complete. This can place the low-power Bluetooth stack in a faulty state, discarding other messages and causing s...
CVE-2022-45191
CVE-2022-45191 affects Microchip RN4870 (v1.43). A denial-of-service can be triggered by an attacker within Bluetooth Low Energy range sending a pair-confirm message with wrong values, exploiting a flaw in the pairing confirmation handling. The impact is availability disruption (per CVSS: HIGH av...
CVE-2022-46400
CVE-2022-46400 affects Microchip RN4870 module firmware 1.43 and the Microchip PIC LightBlue Explorer Demo 4.2 DT100112, enabling an attacker to bypass passkey entry in legacy Bluetooth pairing. The publicly documented impact is a bypass of authentication during legacy pairing, with CVSSv3.1 metr...
CVE-2022-45190
CVE-2022-45190 affects Microchip RN4870 devices (version 1.43). The issue allows an attacker within the BLE radio range to bypass the passkey entry in the legacy pairing process. The Red Hat, NVD, CNNVD, CVE authorities all describe the same vulnerability, with the attack surface centered on Blue...
CVE-2022-46403
The CVE-2022-46403 entry concerns the Microchip RN4870 module firmware v1.43 and the Microchip PIC LightBlue Explorer Demo v4.2 DT100112, which mishandle reject messages. Connected sources confirm affected products/versions but do not provide root-cause details, exploit information, or a vendor-s...
CVE-2022-46402
The CVE-2022-46402 entry concerns Microchip RN4870 module firmware v1.43 and the PIC LightBlue Explorer Demo 4.2 DT100112, where PairCon_rmSend accepts incorrect values due to improper validation. Documented impact per CVSS indicates availability impact is HIGH while other CIA aspects are NONE. T...