Vulnerability Details CVE-2022-46401
The Microchip RN4870 module firmware 1.43 (and the Microchip PIC LightBlue Explorer Demo 4.2 DT100112) accepts PauseEncReqPlainText before pairing is complete.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 19.1%
CVSS Severity
CVSS v3 Score 5.4
References
- https://microchip.com
- https://www.computer.org/csdl/proceedings-article/sp/2023/933600a521/1He7Yja1AYM
- https://www.computer.org/csdl/proceedings/sp/2023/1He7WWuJExG
- https://www.microchip.com/en-us/products/wireless-connectivity/software-vulnerability-response/deviating-behaviors-in-bluetooth-le
- https://microchip.com
- https://www.computer.org/csdl/proceedings-article/sp/2023/933600a521/1He7Yja1AYM
- https://www.computer.org/csdl/proceedings/sp/2023/1He7WWuJExG
- https://www.microchip.com/en-us/products/wireless-connectivity/software-vulnerability-response/deviating-behaviors-in-bluetooth-le
Products affected by CVE-2022-46401
-
cpe:2.3:h:microchip:bm64:-
-
cpe:2.3:h:microchip:bm70:-
-
cpe:2.3:h:microchip:bm71:-
-
cpe:2.3:h:microchip:bm77:-
-
cpe:2.3:h:microchip:bm78:-
-
cpe:2.3:h:microchip:bm83:-
-
cpe:2.3:h:microchip:pic32cx1012bz25048:-
-
cpe:2.3:h:microchip:pic_lightblue_explorer_demo:-
-
cpe:2.3:h:microchip:rn4678:-
-
cpe:2.3:h:microchip:rn4870:-
-
cpe:2.3:h:microchip:rn4871:-
-
cpe:2.3:h:microchip:wbz451:-
-
cpe:2.3:o:microchip:bm64_firmware:1.43
-
cpe:2.3:o:microchip:bm70_firmware:1.43
-
cpe:2.3:o:microchip:bm71_firmware:1.43
-
cpe:2.3:o:microchip:bm77_firmware:1.43
-
cpe:2.3:o:microchip:bm78_firmware:1.43
-
cpe:2.3:o:microchip:bm83_firmware:1.43
-
cpe:2.3:o:microchip:pic32cx1012bz25048_firmware:-
-
cpe:2.3:o:microchip:pic_lightblue_explorer_demo_firmware:4.2_dt100112
-
cpe:2.3:o:microchip:rn4678_firmware:1.43
-
cpe:2.3:o:microchip:rn4870_firmware:1.43
-
cpe:2.3:o:microchip:rn4871_firmware:1.43
-
cpe:2.3:o:microchip:wbz451_firmware:-