Vulnerability in Semtech Lr1110

CVE-2025-14859

The Semtech LR11xx LoRa transceivers implement secure boot functionality using digital signatures to authenticate firmware. However, the implementation uses a non-standard cryptographic hashing algorithm that is vulnerable to second preima…

Vulnerability class: POODLE (CVE-2014-3566)

EPSS: 0.000 (1.5th percentile) — read the EPSS interpretation.

Affected products

Semtech Lr1110 — versions 0
Semtech Lr1120 — versions 0
Semtech Lr1121 — versions 0

Weakness classification (CWE)

CWE-327 — Use of a Broken or Risky Cryptographic Algorithm

References

www.semtech.com/company/security/security-bulletins/sem-psa-2026-001