CVEbaza.plCWE DictionaryCWE-941
Common Weakness Enumeration

CWE-941

Incorrectly Specified Destination in a Communication Channel

Category: BaseCVE: 9
Description

The product creates a communication channel to initiate an outgoing request to an actor, but it does not correctly specify the intended destination for that actor.

CVE vulnerabilities with CWE-941 (9)
9.4
CVSS
CRITICAL
CVE-2024-34947

Quanxun Huiju Network Technology (Beijing) Co.,Ltd IK-Q3000 3.7.10 x64 Build202401261655 was discovered to be vulnerable to an ICMP redirect attack.

pub. 2024-05-20
9.1
CVSS
CRITICAL
CVE-2025-69515

An issue in JXL 9 Inch Car Android Double Din Player Android v12.0 allows attackers to force the infotainment system into accepting falsified GPS signals as legitimate, resulting in the device reporting an incorrect or static location.

pub. 2026-04-07
8.1
CVSS
HIGH
CVE-2024-29415

The ip package through 2.0.1 for Node.js might allow SSRF because some IP addresses (such as 127.1, 01200034567, 012.1.2.3, 000:0:0000::01, and ::fFFf:127.0.0.1) are improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for CVE-2023-42282.

pub. 2024-05-27
7.5
CVSS
HIGH
CVE-2019-18242

In Moxa ioLogik 2500 series firmware, Version 3.0 or lower, and IOxpress configuration utility, Version 2.3.0 or lower, frequent and multiple requests for short-term use may cause the web server to fail.

pub. 2020-03-24
7.2
CVSS
HIGH
CVE-2025-53899

Kiteworks MFT orchestrates end-to-end file transfer workflows. Prior to version 9.1.0, the back-end of Kiteworks MFT is vulnerable to an incorrectly specified destination in a communication channel which allows an attacker with administrative privileges on the system under certain circumstances to intercept upstream communication which could lead to an escalation of privileges. This issue has been patched in version 9.1.0.

pub. 2025-11-29
6.5
CVSS
MEDIUM
CVE-2022-4847

Incorrectly Specified Destination in a Communication Channel in GitHub repository usememos/memos prior to 0.9.1.

pub. 2022-12-29
6.1
CVSS
MEDIUM
CVE-2023-33198

tgstation-server is a production scale tool for BYOND server management. The DreamMaker API (DMAPI) chat channel cache can possibly be poisoned by a tgstation-server (TGS) restart and reattach. This can result in sending chat messages to one of any of the configured IRC or Discord channels for the instance on enabled chat bots. This lasts until the instance's chat channels are updated in TGS or DreamDaemon is restarted. TGS chat commands are unaffected, custom or otherwise.

pub. 2023-05-30
5.1
CVSS
MEDIUM
CVE-2026-40118

UDP Console provided by Arcserve contains an incorrectly specified destination in a communication channel vulnerability. When a user configures an activation server hostname of the affected product to a dummy URL, the product may unintentionally communicate with the dummy domain, causing information disclosure.

pub. 2026-04-16
3.2
CVSS
LOW
CVE-2025-0036

In AMD Versal Adaptive SoC devices, the incorrect configuration of the SSS during runtime (post-boot) cryptographic operations could cause data to be incorrectly written to and read from invalid locations as well as returning incorrect cryptographic data.

pub. 2025-06-10
Information
ID: CWE-941
Type: Base
Vulnerabilities: 9
MITRE CWE ↗
← CWE Dictionary