Common Weakness Enumeration

CWE-940

Allowed

Improper Verification of Source of a Communication Channel

Abstraction: Base · Status: Incomplete

The product establishes a communication channel to handle an incoming request that has been initiated by an actor, but it does not properly verify that the request is coming from the expected origin.

92 vulnerabilities reference this CWE, most recent first.

GHSA-MRC8-VCHM-35QC

Vulnerability from github – Published: 2024-03-15 18:30 – Updated: 2025-11-04 21:31
VLAI
Details

The TTLock App does not employ proper verification procedures to ensure that it is communicating with the expected device, allowing for connection to a device that spoofs the MAC address of a lock, which compromises the legitimate locks integrity.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-7004"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-940"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-03-15T17:15:07Z",
    "severity": "MODERATE"
  },
  "details": "The TTLock App does not employ proper verification procedures to ensure that it is communicating with the expected device, allowing for connection to a device that spoofs the MAC address of a lock, which compromises the legitimate locks integrity.",
  "id": "GHSA-mrc8-vchm-35qc",
  "modified": "2025-11-04T21:31:20Z",
  "published": "2024-03-15T18:30:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-7004"
    },
    {
      "type": "WEB",
      "url": "https://alephsecurity.com/2024/03/07/kontrol-lux-lock-2"
    },
    {
      "type": "WEB",
      "url": "https://www.kb.cert.org/vuls/id/949046"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PHG5-3H7X-599V

Vulnerability from github – Published: 2026-03-22 15:31 – Updated: 2026-03-22 15:31
VLAI
Details

Easy Chat Server 3.1 contains a denial of service vulnerability that allows remote attackers to crash the application by sending oversized data in the message parameter. Attackers can establish a session via the chat.ghp endpoint and then send a POST request to body2.ghp with an excessively large message parameter value to cause the service to crash.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-25613"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-940"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-22T14:16:29Z",
    "severity": "HIGH"
  },
  "details": "Easy Chat Server 3.1 contains a denial of service vulnerability that allows remote attackers to crash the application by sending oversized data in the message parameter. Attackers can establish a session via the chat.ghp endpoint and then send a POST request to body2.ghp with an excessively large message parameter value to cause the service to crash.",
  "id": "GHSA-phg5-3h7x-599v",
  "modified": "2026-03-22T15:31:28Z",
  "published": "2026-03-22T15:31:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25613"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/46806"
    },
    {
      "type": "WEB",
      "url": "https://www.vulncheck.com/advisories/easy-chat-server-denial-of-service-via-message-parameter"
    },
    {
      "type": "WEB",
      "url": "http://www.echatserver.com"
    },
    {
      "type": "WEB",
      "url": "http://www.echatserver.com/ecssetup.exe"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-Q6H8-QGXM-M9PC

Vulnerability from github – Published: 2025-01-14 15:30 – Updated: 2025-01-14 15:30
VLAI
Details

An improper verification of source of a communication channel vulnerability [CWE-940] in FortiClientEMS 7.4.0, 7.2.0 through 7.2.4, 7.0 all versions, 6.4 all versions may allow a remote attacker to bypass the trusted host feature via session connection.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-36506"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-940"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-01-14T14:15:30Z",
    "severity": "LOW"
  },
  "details": "An improper verification of source of a communication channel vulnerability [CWE-940] in FortiClientEMS 7.4.0, 7.2.0 through 7.2.4, 7.0 all versions, 6.4 all versions may allow a remote attacker to bypass the trusted host feature via session connection.",
  "id": "GHSA-q6h8-qgxm-m9pc",
  "modified": "2025-01-14T15:30:53Z",
  "published": "2025-01-14T15:30:53Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-36506"
    },
    {
      "type": "WEB",
      "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-078"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QG37-CWRH-945R

Vulnerability from github – Published: 2026-04-17 21:31 – Updated: 2026-04-17 21:31
VLAI
Details

Anviz CrossChex Standard lacks source verification in the client/server channel, enabling TCP packet injection by an attacker on the same network to alter or disrupt application traffic.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-40434"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-940"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-04-17T20:16:36Z",
    "severity": "HIGH"
  },
  "details": "Anviz CrossChex Standard\nlacks source verification in the client/server channel, enabling TCP \npacket injection by an attacker on the same network to alter or disrupt \napplication traffic.",
  "id": "GHSA-qg37-cwrh-945r",
  "modified": "2026-04-17T21:31:47Z",
  "published": "2026-04-17T21:31:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40434"
    },
    {
      "type": "WEB",
      "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-106-03.json"
    },
    {
      "type": "WEB",
      "url": "https://www.anviz.com/contact-us.html"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-106-03"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QPJX-9HP9-85GM

Vulnerability from github – Published: 2025-01-14 21:31 – Updated: 2025-11-03 21:32
VLAI
Details

IPv6-in-IPv4 tunneling (RFC 4213) allows an attacker to spoof and route traffic via an exposed network interface.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-23019"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-940"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-01-14T20:15:32Z",
    "severity": "MODERATE"
  },
  "details": "IPv6-in-IPv4 tunneling (RFC 4213) allows an attacker to spoof and route traffic via an exposed network interface.",
  "id": "GHSA-qpjx-9hp9-85gm",
  "modified": "2025-11-03T21:32:10Z",
  "published": "2025-01-14T21:31:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23019"
    },
    {
      "type": "WEB",
      "url": "https://datatracker.ietf.org/doc/html/rfc4213"
    },
    {
      "type": "WEB",
      "url": "https://papers.mathyvanhoef.com/usenix2025-tunnels.pdf"
    },
    {
      "type": "WEB",
      "url": "https://www.kb.cert.org/vuls/id/199397"
    },
    {
      "type": "WEB",
      "url": "https://www.top10vpn.com/research/tunneling-protocol-vulnerability"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QQ7F-H836-RRP8

Vulnerability from github – Published: 2024-07-16 21:30 – Updated: 2024-08-01 15:32
VLAI
Details

An issue in Tenda AX12 v.16.03.49.18_cn+ allows a remote attacker to cause a denial of service via the Routing functionality and ICMP packet handling.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-40503"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-940"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-07-16T19:15:13Z",
    "severity": "MODERATE"
  },
  "details": "An issue in Tenda AX12 v.16.03.49.18_cn+ allows a remote attacker to cause a denial of service via the Routing functionality and ICMP packet handling.",
  "id": "GHSA-qq7f-h836-rrp8",
  "modified": "2024-08-01T15:32:02Z",
  "published": "2024-07-16T21:30:49Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40503"
    },
    {
      "type": "WEB",
      "url": "https://gist.github.com/Mivik/8927ad100a638756e1fe214dd5fca5f9"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-V2J3-F5J8-8JRP

Vulnerability from github – Published: 2024-06-17 18:31 – Updated: 2024-08-01 15:31
VLAI
Details

Redmi router RB03 v1.0.57 is vulnerable to forged ICMP redirect message attacks. An attacker in the same WLAN as the victim can hijack the traffic between the victim and any remote server by sending out forged ICMP redirect messages.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-37663"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-940"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-06-17T18:15:17Z",
    "severity": "LOW"
  },
  "details": "Redmi router RB03 v1.0.57 is vulnerable to forged ICMP redirect message attacks. An attacker in the same WLAN as the victim can hijack the traffic between the victim and any remote server by sending out forged ICMP redirect messages.",
  "id": "GHSA-v2j3-f5j8-8jrp",
  "modified": "2024-08-01T15:31:49Z",
  "published": "2024-06-17T18:31:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-37663"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ouuan/router-vuln-report/blob/master/icmp-redirect/redmi-rb03-redirect.md"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-VH43-CC6X-PRPR

Vulnerability from github – Published: 2022-12-29 18:30 – Updated: 2023-01-10 15:48
VLAI
Summary
usememos/memos vulnerable to Improper Verification of Source of a Communication Channel
Details

Improper Verification of Source of a Communication Channel in GitHub repository usememos/memos 0.9.0 and prior.

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 0.9.0"
      },
      "package": {
        "ecosystem": "Go",
        "name": "github.com/usememos/memos"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.9.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-4848"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-940"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-12-30T22:51:51Z",
    "nvd_published_at": "2022-12-29T18:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Improper Verification of Source of a Communication Channel in GitHub repository usememos/memos 0.9.0 and prior.",
  "id": "GHSA-vh43-cc6x-prpr",
  "modified": "2023-01-10T15:48:04Z",
  "published": "2022-12-29T18:30:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4848"
    },
    {
      "type": "WEB",
      "url": "https://github.com/usememos/memos/commit/c9bb2b785dc5852655405d5c9ab127a2d5aa3948"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/usememos/memos"
    },
    {
      "type": "WEB",
      "url": "https://huntr.dev/bounties/25de88cc-8d0d-41a1-b069-9ef1327770bc"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "usememos/memos vulnerable to Improper Verification of Source of a Communication Channel"
}

GHSA-VHMM-VH3J-5VWW

Vulnerability from github – Published: 2024-08-02 18:31 – Updated: 2024-08-07 18:30
VLAI
Details

An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to perform a Traffic Injection attack due to improper verification of the source of a communication channel.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-38886"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-940"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-08-02T18:16:19Z",
    "severity": "CRITICAL"
  },
  "details": "An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to perform a Traffic Injection attack due to improper verification of the source of a communication channel.",
  "id": "GHSA-vhmm-vh3j-5vww",
  "modified": "2024-08-07T18:30:41Z",
  "published": "2024-08-02T18:31:12Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-38886"
    },
    {
      "type": "WEB",
      "url": "https://packetstormsecurity.com/files/179892/Caterease-Software-SQL-Injection-Command-Injection-Bypass.html"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.273370"
    },
    {
      "type": "WEB",
      "url": "http://caterease.com"
    },
    {
      "type": "WEB",
      "url": "http://horizon.com"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-W6V7-W58J-PG5R

Vulnerability from github – Published: 2021-11-15 17:40 – Updated: 2021-11-15 14:59
VLAI
Summary
Improper Verification of Communication Channel in @theia/plugin-ext
Details

In versions of the @theia/plugin-ext component of Eclipse Theia prior to 1.18.0, Webview contents can be hijacked via postMessage().

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "@theia/plugin-ext"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.18.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-41038"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-940"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-11-12T19:46:56Z",
    "nvd_published_at": "2021-11-10T17:15:00Z",
    "severity": "MODERATE"
  },
  "details": "In versions of the @theia/plugin-ext component of Eclipse Theia prior to 1.18.0, Webview contents can be hijacked via postMessage().",
  "id": "GHSA-w6v7-w58j-pg5r",
  "modified": "2021-11-15T14:59:59Z",
  "published": "2021-11-15T17:40:51Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41038"
    },
    {
      "type": "WEB",
      "url": "https://github.com/eclipse-theia/theia/pull/10125"
    },
    {
      "type": "WEB",
      "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=575924"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/eclipse-theia/theia"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Improper Verification of Communication Channel in @theia/plugin-ext"
}

Mitigation
Architecture and Design
  • Use a mechanism that can validate the identity of the source, such as a certificate, and validate the integrity of data to ensure that it cannot be modified in transit using an Adversary-in-the-Middle (AITM) attack.
  • When designing functionality of actions in the URL scheme, consider whether the action should be accessible to all mobile applications, or if an allowlist of applications to interface with is appropriate.
CAPEC-500: WebView Injection

An adversary, through a previously installed malicious application, injects code into the context of a web page displayed by a WebView component. Through the injected code, an adversary is able to manipulate the DOM tree and cookies of the page, expose sensitive information, and can launch attacks against the web application from within the web page.

CAPEC-594: Traffic Injection

An adversary injects traffic into the target's network connection. The adversary is therefore able to degrade or disrupt the connection, and potentially modify the content. This is not a flooding attack, as the adversary is not focusing on exhausting resources. Instead, the adversary is crafting a specific input to affect the system in a particular way.

CAPEC-595: Connection Reset

In this attack pattern, an adversary injects a connection reset packet to one or both ends of a target's connection. The attacker is therefore able to have the target and/or the destination server sever the connection without having to directly filter the traffic between them.

CAPEC-596: TCP RST Injection

An adversary injects one or more TCP RST packets to a target after the target has made a HTTP GET request. The goal of this attack is to have the target and/or destination web server terminate the TCP connection.