CWE-940
AllowedImproper Verification of Source of a Communication Channel
Abstraction: Base · Status: Incomplete
The product establishes a communication channel to handle an incoming request that has been initiated by an actor, but it does not properly verify that the request is coming from the expected origin.
92 vulnerabilities reference this CWE, most recent first.
GHSA-MRC8-VCHM-35QC
Vulnerability from github – Published: 2024-03-15 18:30 – Updated: 2025-11-04 21:31The TTLock App does not employ proper verification procedures to ensure that it is communicating with the expected device, allowing for connection to a device that spoofs the MAC address of a lock, which compromises the legitimate locks integrity.
{
"affected": [],
"aliases": [
"CVE-2023-7004"
],
"database_specific": {
"cwe_ids": [
"CWE-940"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-03-15T17:15:07Z",
"severity": "MODERATE"
},
"details": "The TTLock App does not employ proper verification procedures to ensure that it is communicating with the expected device, allowing for connection to a device that spoofs the MAC address of a lock, which compromises the legitimate locks integrity.",
"id": "GHSA-mrc8-vchm-35qc",
"modified": "2025-11-04T21:31:20Z",
"published": "2024-03-15T18:30:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-7004"
},
{
"type": "WEB",
"url": "https://alephsecurity.com/2024/03/07/kontrol-lux-lock-2"
},
{
"type": "WEB",
"url": "https://www.kb.cert.org/vuls/id/949046"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-PHG5-3H7X-599V
Vulnerability from github – Published: 2026-03-22 15:31 – Updated: 2026-03-22 15:31Easy Chat Server 3.1 contains a denial of service vulnerability that allows remote attackers to crash the application by sending oversized data in the message parameter. Attackers can establish a session via the chat.ghp endpoint and then send a POST request to body2.ghp with an excessively large message parameter value to cause the service to crash.
{
"affected": [],
"aliases": [
"CVE-2019-25613"
],
"database_specific": {
"cwe_ids": [
"CWE-940"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-22T14:16:29Z",
"severity": "HIGH"
},
"details": "Easy Chat Server 3.1 contains a denial of service vulnerability that allows remote attackers to crash the application by sending oversized data in the message parameter. Attackers can establish a session via the chat.ghp endpoint and then send a POST request to body2.ghp with an excessively large message parameter value to cause the service to crash.",
"id": "GHSA-phg5-3h7x-599v",
"modified": "2026-03-22T15:31:28Z",
"published": "2026-03-22T15:31:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25613"
},
{
"type": "WEB",
"url": "https://www.exploit-db.com/exploits/46806"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/easy-chat-server-denial-of-service-via-message-parameter"
},
{
"type": "WEB",
"url": "http://www.echatserver.com"
},
{
"type": "WEB",
"url": "http://www.echatserver.com/ecssetup.exe"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-Q6H8-QGXM-M9PC
Vulnerability from github – Published: 2025-01-14 15:30 – Updated: 2025-01-14 15:30An improper verification of source of a communication channel vulnerability [CWE-940] in FortiClientEMS 7.4.0, 7.2.0 through 7.2.4, 7.0 all versions, 6.4 all versions may allow a remote attacker to bypass the trusted host feature via session connection.
{
"affected": [],
"aliases": [
"CVE-2024-36506"
],
"database_specific": {
"cwe_ids": [
"CWE-940"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-14T14:15:30Z",
"severity": "LOW"
},
"details": "An improper verification of source of a communication channel vulnerability [CWE-940] in FortiClientEMS 7.4.0, 7.2.0 through 7.2.4, 7.0 all versions, 6.4 all versions may allow a remote attacker to bypass the trusted host feature via session connection.",
"id": "GHSA-q6h8-qgxm-m9pc",
"modified": "2025-01-14T15:30:53Z",
"published": "2025-01-14T15:30:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-36506"
},
{
"type": "WEB",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-078"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-QG37-CWRH-945R
Vulnerability from github – Published: 2026-04-17 21:31 – Updated: 2026-04-17 21:31Anviz CrossChex Standard lacks source verification in the client/server channel, enabling TCP packet injection by an attacker on the same network to alter or disrupt application traffic.
{
"affected": [],
"aliases": [
"CVE-2026-40434"
],
"database_specific": {
"cwe_ids": [
"CWE-940"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-17T20:16:36Z",
"severity": "HIGH"
},
"details": "Anviz CrossChex Standard\nlacks source verification in the client/server channel, enabling TCP \npacket injection by an attacker on the same network to alter or disrupt \napplication traffic.",
"id": "GHSA-qg37-cwrh-945r",
"modified": "2026-04-17T21:31:47Z",
"published": "2026-04-17T21:31:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40434"
},
{
"type": "WEB",
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-106-03.json"
},
{
"type": "WEB",
"url": "https://www.anviz.com/contact-us.html"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-106-03"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-QPJX-9HP9-85GM
Vulnerability from github – Published: 2025-01-14 21:31 – Updated: 2025-11-03 21:32IPv6-in-IPv4 tunneling (RFC 4213) allows an attacker to spoof and route traffic via an exposed network interface.
{
"affected": [],
"aliases": [
"CVE-2025-23019"
],
"database_specific": {
"cwe_ids": [
"CWE-940"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-14T20:15:32Z",
"severity": "MODERATE"
},
"details": "IPv6-in-IPv4 tunneling (RFC 4213) allows an attacker to spoof and route traffic via an exposed network interface.",
"id": "GHSA-qpjx-9hp9-85gm",
"modified": "2025-11-03T21:32:10Z",
"published": "2025-01-14T21:31:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23019"
},
{
"type": "WEB",
"url": "https://datatracker.ietf.org/doc/html/rfc4213"
},
{
"type": "WEB",
"url": "https://papers.mathyvanhoef.com/usenix2025-tunnels.pdf"
},
{
"type": "WEB",
"url": "https://www.kb.cert.org/vuls/id/199397"
},
{
"type": "WEB",
"url": "https://www.top10vpn.com/research/tunneling-protocol-vulnerability"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-QQ7F-H836-RRP8
Vulnerability from github – Published: 2024-07-16 21:30 – Updated: 2024-08-01 15:32An issue in Tenda AX12 v.16.03.49.18_cn+ allows a remote attacker to cause a denial of service via the Routing functionality and ICMP packet handling.
{
"affected": [],
"aliases": [
"CVE-2024-40503"
],
"database_specific": {
"cwe_ids": [
"CWE-940"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-07-16T19:15:13Z",
"severity": "MODERATE"
},
"details": "An issue in Tenda AX12 v.16.03.49.18_cn+ allows a remote attacker to cause a denial of service via the Routing functionality and ICMP packet handling.",
"id": "GHSA-qq7f-h836-rrp8",
"modified": "2024-08-01T15:32:02Z",
"published": "2024-07-16T21:30:49Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40503"
},
{
"type": "WEB",
"url": "https://gist.github.com/Mivik/8927ad100a638756e1fe214dd5fca5f9"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-V2J3-F5J8-8JRP
Vulnerability from github – Published: 2024-06-17 18:31 – Updated: 2024-08-01 15:31Redmi router RB03 v1.0.57 is vulnerable to forged ICMP redirect message attacks. An attacker in the same WLAN as the victim can hijack the traffic between the victim and any remote server by sending out forged ICMP redirect messages.
{
"affected": [],
"aliases": [
"CVE-2024-37663"
],
"database_specific": {
"cwe_ids": [
"CWE-940"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-06-17T18:15:17Z",
"severity": "LOW"
},
"details": "Redmi router RB03 v1.0.57 is vulnerable to forged ICMP redirect message attacks. An attacker in the same WLAN as the victim can hijack the traffic between the victim and any remote server by sending out forged ICMP redirect messages.",
"id": "GHSA-v2j3-f5j8-8jrp",
"modified": "2024-08-01T15:31:49Z",
"published": "2024-06-17T18:31:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-37663"
},
{
"type": "WEB",
"url": "https://github.com/ouuan/router-vuln-report/blob/master/icmp-redirect/redmi-rb03-redirect.md"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-VH43-CC6X-PRPR
Vulnerability from github – Published: 2022-12-29 18:30 – Updated: 2023-01-10 15:48Improper Verification of Source of a Communication Channel in GitHub repository usememos/memos 0.9.0 and prior.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 0.9.0"
},
"package": {
"ecosystem": "Go",
"name": "github.com/usememos/memos"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.9.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-4848"
],
"database_specific": {
"cwe_ids": [
"CWE-940"
],
"github_reviewed": true,
"github_reviewed_at": "2022-12-30T22:51:51Z",
"nvd_published_at": "2022-12-29T18:15:00Z",
"severity": "MODERATE"
},
"details": "Improper Verification of Source of a Communication Channel in GitHub repository usememos/memos 0.9.0 and prior.",
"id": "GHSA-vh43-cc6x-prpr",
"modified": "2023-01-10T15:48:04Z",
"published": "2022-12-29T18:30:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4848"
},
{
"type": "WEB",
"url": "https://github.com/usememos/memos/commit/c9bb2b785dc5852655405d5c9ab127a2d5aa3948"
},
{
"type": "PACKAGE",
"url": "https://github.com/usememos/memos"
},
{
"type": "WEB",
"url": "https://huntr.dev/bounties/25de88cc-8d0d-41a1-b069-9ef1327770bc"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "usememos/memos vulnerable to Improper Verification of Source of a Communication Channel"
}
GHSA-VHMM-VH3J-5VWW
Vulnerability from github – Published: 2024-08-02 18:31 – Updated: 2024-08-07 18:30An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to perform a Traffic Injection attack due to improper verification of the source of a communication channel.
{
"affected": [],
"aliases": [
"CVE-2024-38886"
],
"database_specific": {
"cwe_ids": [
"CWE-940"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-08-02T18:16:19Z",
"severity": "CRITICAL"
},
"details": "An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to perform a Traffic Injection attack due to improper verification of the source of a communication channel.",
"id": "GHSA-vhmm-vh3j-5vww",
"modified": "2024-08-07T18:30:41Z",
"published": "2024-08-02T18:31:12Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-38886"
},
{
"type": "WEB",
"url": "https://packetstormsecurity.com/files/179892/Caterease-Software-SQL-Injection-Command-Injection-Bypass.html"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.273370"
},
{
"type": "WEB",
"url": "http://caterease.com"
},
{
"type": "WEB",
"url": "http://horizon.com"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-W6V7-W58J-PG5R
Vulnerability from github – Published: 2021-11-15 17:40 – Updated: 2021-11-15 14:59In versions of the @theia/plugin-ext component of Eclipse Theia prior to 1.18.0, Webview contents can be hijacked via postMessage().
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "@theia/plugin-ext"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.18.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-41038"
],
"database_specific": {
"cwe_ids": [
"CWE-940"
],
"github_reviewed": true,
"github_reviewed_at": "2021-11-12T19:46:56Z",
"nvd_published_at": "2021-11-10T17:15:00Z",
"severity": "MODERATE"
},
"details": "In versions of the @theia/plugin-ext component of Eclipse Theia prior to 1.18.0, Webview contents can be hijacked via postMessage().",
"id": "GHSA-w6v7-w58j-pg5r",
"modified": "2021-11-15T14:59:59Z",
"published": "2021-11-15T17:40:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41038"
},
{
"type": "WEB",
"url": "https://github.com/eclipse-theia/theia/pull/10125"
},
{
"type": "WEB",
"url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=575924"
},
{
"type": "PACKAGE",
"url": "https://github.com/eclipse-theia/theia"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "Improper Verification of Communication Channel in @theia/plugin-ext"
}
Mitigation
- Use a mechanism that can validate the identity of the source, such as a certificate, and validate the integrity of data to ensure that it cannot be modified in transit using an Adversary-in-the-Middle (AITM) attack.
- When designing functionality of actions in the URL scheme, consider whether the action should be accessible to all mobile applications, or if an allowlist of applications to interface with is appropriate.
CAPEC-500: WebView Injection
An adversary, through a previously installed malicious application, injects code into the context of a web page displayed by a WebView component. Through the injected code, an adversary is able to manipulate the DOM tree and cookies of the page, expose sensitive information, and can launch attacks against the web application from within the web page.
CAPEC-594: Traffic Injection
An adversary injects traffic into the target's network connection. The adversary is therefore able to degrade or disrupt the connection, and potentially modify the content. This is not a flooding attack, as the adversary is not focusing on exhausting resources. Instead, the adversary is crafting a specific input to affect the system in a particular way.
CAPEC-595: Connection Reset
In this attack pattern, an adversary injects a connection reset packet to one or both ends of a target's connection. The attacker is therefore able to have the target and/or the destination server sever the connection without having to directly filter the traffic between them.
CAPEC-596: TCP RST Injection
An adversary injects one or more TCP RST packets to a target after the target has made a HTTP GET request. The goal of this attack is to have the target and/or destination web server terminate the TCP connection.