Bluetooth LE Vulnerability in Microchip RN4870 Module Firmware
CVE-2022-46402

6.5MEDIUM

Key Information:

Vendor: Microchip
Status: Bm78 Firmware
Vendor: CVE Published:; 19 December 2022

What is CVE-2022-46402?

The RN4870 module firmware from Microchip is susceptible to a vulnerability where it incorrectly accepts values from PairCon_rmSend, potentially leading to unforeseen behaviors. This flaw may compromise the integrity and security of devices utilizing this firmware, highlighting the importance of keeping firmware up to date to mitigate risks associated with unauthorized data acceptance and device behavior. It is crucial for developers and users using the affected products to implement appropriate security measures to protect their systems.

References

https://www.computer.org/csdl/proceedings/sp/2023/1He7WWu...

https://www.computer.org/csdl/proceedings-article/sp/2023...

https://microchip.com

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 19, 2022
Vulnerability Reserved
Dec 4, 2022