CVE-2024-29862: n/a
The Kerlink firewall in ChirpStack chirpstack-mqtt-forwarder before 4.2.1 and chirpstack-gateway-bridge before 4.0.11 wrongly accepts certain TCP packets when a connection is not in the ESTABLISHED state.
AI Analysis
Technical Summary
CVE-2024-29862 identifies a vulnerability in the Kerlink firewall integrated into ChirpStack's chirpstack-mqtt-forwarder (versions prior to 4.2.1) and chirpstack-gateway-bridge (versions prior to 4.0.11). ChirpStack is an open-source LoRaWAN Network Server stack widely used for managing IoT devices over low-power wide-area networks. The vulnerability arises because the firewall incorrectly accepts certain TCP packets even when the TCP connection is not in the ESTABLISHED state, violating standard TCP stateful firewall behavior. Normally, stateful firewalls track connection states and only allow packets that belong to established or related connections, blocking unsolicited packets that could be malicious. This flaw allows unauthenticated remote attackers to send crafted TCP packets that bypass these checks, potentially exposing sensitive data or enabling further network reconnaissance. The CVSS v3.1 score of 7.5 reflects a high severity due to the network attack vector, low attack complexity, no privileges or user interaction required, and a high impact on confidentiality. However, integrity and availability remain unaffected. No public exploits have been reported yet, but the vulnerability poses a risk to deployments of ChirpStack components in IoT infrastructure, especially those relying on Kerlink hardware and software stacks. The lack of patches at the time of reporting underscores the need for immediate attention from administrators.
Potential Impact
The vulnerability can lead to unauthorized disclosure of sensitive information by allowing attackers to bypass firewall protections and send unsolicited TCP packets to ChirpStack components. This can compromise the confidentiality of data transmitted within IoT networks, potentially exposing device telemetry, network configurations, or user data. Since ChirpStack is used to manage LoRaWAN gateways and devices, attackers could leverage this flaw to gather intelligence on network topology or intercept communications. Although the vulnerability does not affect data integrity or system availability directly, the confidentiality breach could facilitate further attacks or unauthorized access. Organizations deploying ChirpStack in critical infrastructure, smart city applications, or industrial IoT environments face increased risk of data leakage and espionage. The ease of exploitation without authentication or user interaction increases the likelihood of automated scanning and exploitation attempts once public exploits emerge.
Mitigation Recommendations
Administrators should upgrade chirpstack-mqtt-forwarder to version 4.2.1 or later and chirpstack-gateway-bridge to version 4.0.11 or later as soon as patches become available. Until patches are applied, network operators should implement additional perimeter firewall rules to restrict unsolicited inbound TCP traffic to ChirpStack components, especially from untrusted networks. Deploying network intrusion detection systems (NIDS) to monitor for anomalous TCP packets that do not conform to expected connection states can help detect exploitation attempts. Segmenting IoT networks and limiting exposure of ChirpStack services to the internet reduce the attack surface. Regularly auditing firewall configurations and ensuring stateful inspection is correctly enforced can mitigate risk. Finally, monitoring vendor advisories and subscribing to security mailing lists will ensure timely awareness of patch releases and exploit reports.
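One way to carry out the firewall audit recommended above, as an added example that is not part of the original page and is not ChirpStack or Kerlink code: a Python check that lists TCP ACCEPT rules in an `iptables-save` dump that are not limited to ESTABLISHED/RELATED connections. It assumes `iptables-save` syntax; the ruleset is a constructed sample, and `parse_rule` and `audit` are names chosen here.

```python
import shlex

TRACKED_OK = {"ESTABLISHED", "RELATED"}
VALUE_OPTS = ("-p", "-j", "-i", "--sport", "--dport", "--state", "--ctstate")

# Constructed sample in iptables-save format (assumption: not the Kerlink ruleset).
SAMPLE_RULES = """\
*filter
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --sport 1883 -j ACCEPT
-A INPUT -p tcp -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT
-A INPUT -p udp -m udp --dport 1700 -j ACCEPT
COMMIT
"""


def parse_rule(line):
    """Return the options of one '-A' line as a dict, or None for other lines.
    Negated matches ('!') are not interpreted."""
    tokens = shlex.split(line)
    if len(tokens) < 2 or tokens[0] != "-A":
        return None
    rule = {"chain": tokens[1], "raw": line.strip()}
    for opt, value in zip(tokens[2:], tokens[3:]):
        if opt in VALUE_OPTS:
            rule[opt] = value
    return rule


def audit(ruleset, chain="INPUT"):
    """List (rule, reason) for TCP ACCEPT rules not limited to tracked connections."""
    findings = []
    for line in ruleset.splitlines():
        rule = parse_rule(line)
        if not rule or rule["chain"] != chain:
            continue
        if rule.get("-j") != "ACCEPT" or rule.get("-p") != "tcp":
            continue
        if rule.get("-i") == "lo":  # loopback traffic is out of scope
            continue
        states = rule.get("--ctstate") or rule.get("--state")
        if states is None:
            reason = "no connection-state match: accepts TCP packets in any state"
        elif not set(states.split(",")) <= TRACKED_OK:
            reason = "admits states beyond ESTABLISHED/RELATED: " + states
        else:
            continue
        findings.append((rule["raw"], reason))
    return findings
```

A rule that admits NEW on a destination port is expected for a service that is meant to be reachable; a TCP ACCEPT with no state match at all is the one to review first.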
Affected Countries
United States, Germany, France, Netherlands, United Kingdom, China, Japan, South Korea, Australia, Canada
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2024-03-21T00:00:00.000Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 699f6da1b7ef31ef0b5898ec
Added to database: 2/25/2026, 9:46:09 PM
Last enriched: 2/26/2026, 11:37:26 AM
Last updated: 4/12/2026, 1:57:32 PM