BLE Communication Flaw in Microchip RN4870 Devices
CVE-2022-45190

5.3MEDIUM

Key Information:

Vendor: Microchip
Status: Rn4870 Firmware
Vendor: CVE Published:; 8 February 2023

What is CVE-2022-45190?

A security flaw has been identified in Microchip RN4870 1.43 devices that enables an attacker within Bluetooth Low Energy (BLE) radio range to bypass the passkey entry process during legacy pairing. This poses a risk as it allows unauthorized access to the device, making it imperative for users to apply necessary updates and monitor their device's security settings.

References

https://blediff.github.io/

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 8, 2023
Vulnerability Reserved
Nov 11, 2022