CVE-2024-29155
📋 TL;DR
This vulnerability in Microchip RN4870 Bluetooth modules allows an attacker to block legitimate pairing attempts by injecting a second PairReqNoInputNoOutput request immediately after a real one. This creates a denial-of-service condition for Bluetooth pairing functionality. Anyone using RN4870 devices in their products is affected.
💻 Affected Systems
- Microchip RN4870 Bluetooth Low Energy modules
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete denial of Bluetooth pairing capabilities, preventing legitimate devices from connecting to the RN4870 module, effectively disabling Bluetooth functionality.
Likely Case
Temporary disruption of Bluetooth pairing, requiring device restart or timeout to restore functionality, causing intermittent connectivity issues.
If Mitigated
Minimal impact if devices are in controlled environments where attackers cannot access Bluetooth range or if pairing is rarely required after initial setup.
🎯 Exploit Status
Exploitation requires Bluetooth proximity and timing to inject the second request immediately after a legitimate pairing attempt.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Firmware version 1.44
Vendor Advisory: https://www.microchip.com/en-us/product/rn4870
Restart Required: Yes
Instructions:
1. Download firmware 1.44 from the Microchip website.
2. Use Microchip development tools to flash the new firmware to the RN4870 modules.
3. Verify the firmware version after the update.
4. Test Bluetooth pairing functionality.
🔧 Temporary Workarounds
Implement pairing timeout and retry logic
Add application-level handling to detect failed pairing attempts and implement retry mechanisms with delays
Restrict Bluetooth access
Physically isolate devices or implement Bluetooth access controls to prevent unauthorized devices from reaching pairing range
🧯 If You Can't Patch
- Implement network segmentation to isolate Bluetooth devices from untrusted networks
- Monitor for repeated failed pairing attempts and alert on suspicious patterns
🔍 How to Verify
Check if Vulnerable:
Check the RN4870 firmware version using the AT+VER? command via the UART interface. If the version is below 1.44, the device is vulnerable.
Check Version:
AT+VER?
Verify Fix Applied:
After updating the firmware, verify that the version is 1.44 or higher using the AT+VER? command, and test pairing functionality with legitimate devices.
📡 Detection & Monitoring
Log Indicators:
- Multiple consecutive PairReqNoInputNoOutput requests in Bluetooth logs
- Failed pairing attempts with error codes
Network Indicators:
- Unusual Bluetooth traffic patterns with rapid pairing requests
- Multiple MAC addresses attempting pairing in quick succession
SIEM Query:
bluetooth.event_type:"PairReqNoInputNoOutput" AND count > 1 within 1 second
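
The back-to-back request check expressed by the query above, written out as an added example (not from this advisory or from Microchip). The log line format, the peer addresses and the function names are assumptions, and the sample lines are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample log (assumed format: ISO timestamp, event name, peer=<address>).
SAMPLE_LOG = """\
2024-03-18T10:15:02.100 PairReqNoInputNoOutput peer=AA:BB:CC:00:00:01
2024-03-18T10:15:02.350 PairReqNoInputNoOutput peer=AA:BB:CC:00:00:02
2024-03-18T10:15:02.900 PairingFailed peer=AA:BB:CC:00:00:01
2024-03-18T10:20:41.000 PairReqNoInputNoOutput peer=AA:BB:CC:00:00:01
2024-03-18T10:20:43.500 PairingComplete peer=AA:BB:CC:00:00:01
garbage line without fields
2024-03-18T10:31:07.000 PairReqNoInputNoOutput peer=AA:BB:CC:00:00:03
2024-03-18T10:31:07.999 PairReqNoInputNoOutput peer=AA:BB:CC:00:00:03
"""

EVENT = "PairReqNoInputNoOutput"
WINDOW = timedelta(seconds=1)  # "count > 1 within 1 second"

def parse_line(line):
    """Return (timestamp, event, peer), or None for lines that do not parse."""
    parts = line.split()
    if len(parts) != 3 or not parts[2].startswith("peer="):
        return None
    try:
        return datetime.fromisoformat(parts[0]), parts[1], parts[2][len("peer="):]
    except ValueError:
        return None

def find_back_to_back_requests(log_text, window=WINDOW):
    """Flag each pairing request that arrives within `window` of the previous one."""
    alerts, previous = [], None  # previous = (timestamp, peer) of the last request
    for line in log_text.splitlines():
        record = parse_line(line)
        if record is None or record[1] != EVENT:
            continue  # skip unparseable lines and unrelated events
        ts, _, peer = record
        if previous is not None and ts - previous[0] <= window:
            alerts.append({
                "second_request_at": ts,
                "gap_ms": (ts - previous[0]) // timedelta(milliseconds=1),
                "peers": (previous[1], peer),
                "different_peers": previous[1] != peer,
            })
        previous = (ts, peer)
    return alerts
```

An alert with `different_peers` set also matches the "multiple MAC addresses in quick succession" indicator listed above.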