Vulnerability Details CVE-2022-46400
The Microchip RN4870 module firmware 1.43 (and the Microchip PIC LightBlue Explorer Demo 4.2 DT100112) allows attackers to bypass passkey entry in legacy pairing.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 7.6%
CVSS Severity
CVSS v3 Score 5.4
References
- https://microchip.com
- https://www.computer.org/csdl/proceedings-article/sp/2023/933600a521/1He7Yja1AYM
- https://www.computer.org/csdl/proceedings/sp/2023/1He7WWuJExG
- https://www.microchip.com/en-us/products/wireless-connectivity/software-vulnerability-response/deviating-behaviors-in-bluetooth-le
- https://microchip.com
- https://www.computer.org/csdl/proceedings-article/sp/2023/933600a521/1He7Yja1AYM
- https://www.computer.org/csdl/proceedings/sp/2023/1He7WWuJExG
- https://www.microchip.com/en-us/products/wireless-connectivity/software-vulnerability-response/deviating-behaviors-in-bluetooth-le
Products affected by CVE-2022-46400
-
cpe:2.3:h:microchip:bm70:-
-
cpe:2.3:h:microchip:bm71:-
-
cpe:2.3:h:microchip:bm78:-
-
cpe:2.3:h:microchip:bm83:-
-
cpe:2.3:h:microchip:is1870:-
-
cpe:2.3:h:microchip:is1871:-
-
cpe:2.3:h:microchip:pic_lightblue_explorer_demo:-
-
cpe:2.3:h:microchip:rn4870:-
-
cpe:2.3:h:microchip:rn4871:-
-
cpe:2.3:o:microchip:bm70_firmware:1.43
-
cpe:2.3:o:microchip:bm71_firmware:1.43
-
cpe:2.3:o:microchip:bm78_firmware:1.43
-
cpe:2.3:o:microchip:bm83_firmware:1.43
-
cpe:2.3:o:microchip:is1870_firmware:1.43
-
cpe:2.3:o:microchip:is1871_firmware:1.43
-
cpe:2.3:o:microchip:pic_lightblue_explorer_demo_firmware:4.2_dt100112
-
cpe:2.3:o:microchip:rn4870_firmware:1.43
-
cpe:2.3:o:microchip:rn4871_firmware:1.43