CVE-2024-29155 in RN4870

Summary

by MITRE • 10/16/2024

On Microchip RN4870 devices, when more than one consecutive PairReqNoInputNoOutput request is received, the device becomes incapable of completing the pairing process. A third party can inject a second PairReqNoInputNoOutput request just after a real one, causing the pair request to be blocked.


Analysis

by VulDB Data Team • 08/30/2025

The CVE-2024-29155 vulnerability affects Microchip RN4870 Bluetooth Low Energy devices, specifically targeting the pairing mechanism implementation within the Bluetooth stack. This flaw represents a significant security weakness that undermines the device's ability to establish secure connections through the Bluetooth pairing process. The vulnerability manifests when the device encounters multiple consecutive PairReqNoInputNoOutput requests, creating a condition where the pairing sequence becomes permanently blocked. This issue directly impacts the device's operational integrity and can result in complete pairing failure, rendering the device unable to establish secure communication with authorized peers.

The technical implementation flaw stems from inadequate state management within the Bluetooth pairing protocol handler. When the RN4870 device receives a PairReqNoInputNoOutput request, it transitions through specific pairing states to establish a secure connection. However, the device fails to properly validate or handle consecutive pairing requests, particularly when these requests are identical in type and structure. The vulnerability occurs because the device's pairing state machine does not adequately distinguish between legitimate consecutive pairing attempts and malicious injection attacks. This weakness allows an attacker to exploit the device's pairing protocol by injecting a second PairReqNoInputNoOutput request immediately after a legitimate one, effectively jamming the pairing process.

From an operational perspective, this vulnerability creates substantial risks for IoT deployments and embedded systems utilizing Microchip RN4870 devices. The pairing process blocking can lead to complete device inaccessibility, forcing users to physically intervene with device reset procedures or replacement. In industrial IoT scenarios, this vulnerability could result in critical system failures where devices become unreachable during maintenance windows or emergency situations. The attack vector is particularly concerning as it requires minimal sophistication to execute, allowing an attacker with network access to disrupt pairing operations without requiring physical proximity or advanced technical skills. This vulnerability directly impacts the device's availability and can be classified as a denial-of-service condition that affects the core functionality of the Bluetooth communication stack.

The vulnerability aligns with CWE-362, which addresses concurrent execution using shared resources, and represents a race condition within the Bluetooth pairing protocol implementation. From an ATT&CK framework perspective, this vulnerability maps to T1566.001 (Phishing via Social Engineering) and T1595.001 (Active Scanning) as attackers can exploit the pairing mechanism to disrupt legitimate device operations. The impact extends beyond simple pairing failure to potentially compromise the entire security posture of IoT ecosystems that rely on these devices for secure communication. Organizations should implement immediate mitigations including firmware updates from Microchip, network segmentation to limit access to pairing endpoints, and monitoring for anomalous pairing request patterns. Additionally, device administrators should consider implementing pairing request rate limiting mechanisms and regular security assessments to identify potential exploitation attempts. The vulnerability demonstrates the critical importance of proper state management in embedded security protocols and highlights the need for robust validation of consecutive protocol operations in IoT device implementations.
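The monitoring recommended above can be sketched as a check over captured Security Manager Protocol (SMP) traffic. This is an added example, not code from VulDB or Microchip: the record format, the sample data and the one-second window are assumptions, while the SMP command codes and the NoInputNoOutput IO capability value come from the Bluetooth Core Specification.

```python
from collections import namedtuple

SMP_PAIRING_REQUEST = 0x01        # SMP command code
SMP_PAIRING_FAILED = 0x05         # SMP command code
IO_CAP_NO_INPUT_NO_OUTPUT = 0x03  # IO Capability field value
WINDOW_S = 1.0  # assumed threshold for "just after"; tune per deployment

Alert = namedtuple("Alert", "conn first_ts second_ts")

# Constructed sample records: "<seconds> <connection handle> <SMP PDU hex>"
SAMPLE = """\
10.000 0x0040 01030001100000
10.020 0x0040 01030001100000
12.500 0x0041 01030001100000
12.530 0x0041 02030001100000
20.000 0x0042 01040001100000
20.010 0x0042 01040001100000
30.000 0x0043 01030001100000
30.100 0x0043 0508
33.000 0x0043 01030001100000
"""

def parse(line):
    ts, conn, pdu = line.split()
    return float(ts), int(conn, 16), bytes.fromhex(pdu)

def find_duplicate_pair_requests(text, window=WINDOW_S):
    """Flag a second NoInputNoOutput Pairing Request on a connection
    that arrives within `window` seconds of a still-open first one."""
    pending = {}  # connection handle -> time of the open request
    alerts = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, conn, pdu = parse(line)
        code = pdu[0]
        if code == SMP_PAIRING_FAILED:
            pending.pop(conn, None)  # attempt ended; a later retry is normal
        elif (code == SMP_PAIRING_REQUEST and len(pdu) >= 2
              and pdu[1] == IO_CAP_NO_INPUT_NO_OUTPUT):
            first = pending.get(conn)
            if first is not None and ts - first <= window:
                alerts.append(Alert(conn, first, ts))
            pending[conn] = ts
    return alerts
```

On the constructed sample only connection 0x0040 is flagged: 0x0041 receives a Pairing Response, 0x0042 uses a different IO capability, and 0x0043 retries after a Pairing Failed.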

Responsible

Microchip

Reservation

03/18/2024

Disclosure

10/16/2024

Moderation

accepted

CPE

ready

EPSS

0.00225

KEV

no

Activities

very low
