Bypass Passkey Entry Vulnerability in Microchip RN4870 Module and PIC LightBlue Explorer Demo
CVE-2022-46400

5.4 MEDIUM

Key Information:

Vendor: Microchip
CVE Published: 19 December 2022

What is CVE-2022-46400?

The Microchip RN4870 module firmware version 1.43, along with the PIC LightBlue Explorer Demo 4.2 DT100112, is susceptible to a security flaw that permits attackers to bypass the mandatory passkey entry required during the legacy Bluetooth pairing process. This flaw can expose devices to unauthorized access. It is critical for users and developers to be aware of this vulnerability and follow best practices in securing their devices to mitigate risks associated with unapproved connections.

References

CVSS V3.1

Score: 5.4
Severity: MEDIUM
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Adjacent Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
