Firmware Vulnerability in Microchip RN4870 Module and LightBlue Explorer Demo
CVE-2022-46401

5.4 MEDIUM

Key Information:

Vendor: Microchip
CVE Published: 19 December 2022

What is CVE-2022-46401?

In Microchip RN4870 module firmware version 1.43 and LightBlue Explorer Demo 4.2 DT100112, the device can accept a PauseEncReqPlainText message before the pairing process has completed. This may expose the module to security risks: it can lead to unintended interactions and may allow attackers to inject malicious commands during the initialization phase of the Bluetooth connection.

CVSS V3.1

Score: 5.4
Severity: MEDIUM
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Adjacent Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
