The Microchip RN4870 module firmware 1.43 (and the Microchip PIC LightBlue Explorer Demo 4.2 DT100112) allows attackers to bypass passkey entry in legacy pairing.
References
Link | Resource |
---|---|
https://microchip.com | Product |
https://www.computer.org/csdl/proceedings-article/sp/2023/933600a521/1He7Yja1AYM | Exploit Technical Description Third Party Advisory |
https://www.computer.org/csdl/proceedings/sp/2023/1He7WWuJExG | Third Party Advisory |
https://www.microchip.com/en-us/products/wireless-connectivity/software-vulnerability-response/deviating-behaviors-in-bluetooth-le | Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
AND |
|
Configuration 8 (hide)
AND |
|
Configuration 9 (hide)
AND |
|
History
08 Aug 2023, 14:21
Type | Values Removed | Values Added |
---|---|---|
CWE | NVD-CWE-noinfo |
27 Dec 2022, 20:01
Type | Values Removed | Values Added |
---|---|---|
References | (CONFIRM) https://www.microchip.com/en-us/products/wireless-connectivity/software-vulnerability-response/deviating-behaviors-in-bluetooth-le - Vendor Advisory | |
References | (MISC) https://www.computer.org/csdl/proceedings/sp/2023/1He7WWuJExG - Third Party Advisory | |
References | (MISC) https://microchip.com - Product | |
References | (MISC) https://www.computer.org/csdl/proceedings-article/sp/2023/933600a521/1He7Yja1AYM - Exploit, Technical Description, Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.4 |
CWE | CWE-863 | |
CPE | cpe:2.3:h:microchip:is1871:-:*:*:*:*:*:*:* cpe:2.3:h:microchip:rn4871:-:*:*:*:*:*:*:* cpe:2.3:o:microchip:bm71_firmware:1.43:*:*:*:*:*:*:* cpe:2.3:o:microchip:is1870_firmware:1.43:*:*:*:*:*:*:* cpe:2.3:h:microchip:is1870:-:*:*:*:*:*:*:* cpe:2.3:h:microchip:rn4870:-:*:*:*:*:*:*:* cpe:2.3:h:microchip:bm78:-:*:*:*:*:*:*:* cpe:2.3:o:microchip:rn4870_firmware:1.43:*:*:*:*:*:*:* cpe:2.3:o:microchip:is1871_firmware:1.43:*:*:*:*:*:*:* cpe:2.3:h:microchip:pic_lightblue_explorer_demo:-:*:*:*:*:*:*:* cpe:2.3:h:microchip:bm70:-:*:*:*:*:*:*:* cpe:2.3:h:microchip:bm71:-:*:*:*:*:*:*:* cpe:2.3:o:microchip:bm70_firmware:1.43:*:*:*:*:*:*:* cpe:2.3:o:microchip:rn4871_firmware:1.43:*:*:*:*:*:*:* cpe:2.3:o:microchip:bm83_firmware:1.43:*:*:*:*:*:*:* cpe:2.3:o:microchip:pic_lightblue_explorer_demo_firmware:4.2_dt100112:*:*:*:*:*:*:* cpe:2.3:o:microchip:bm78_firmware:1.43:*:*:*:*:*:*:* cpe:2.3:h:microchip:bm83:-:*:*:*:*:*:*:* |
|
First Time |
Microchip bm71
Microchip rn4870 Microchip bm83 Firmware Microchip pic Lightblue Explorer Demo Microchip bm70 Microchip bm83 Microchip bm70 Firmware Microchip rn4870 Firmware Microchip rn4871 Firmware Microchip is1871 Microchip pic Lightblue Explorer Demo Firmware Microchip is1870 Firmware Microchip bm78 Firmware Microchip bm71 Firmware Microchip bm78 Microchip is1871 Firmware Microchip is1870 Microchip rn4871 Microchip |
19 Dec 2022, 23:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-12-19 23:15
Updated : 2023-12-10 14:48
NVD link : CVE-2022-46400
Mitre link : CVE-2022-46400
CVE.ORG link : CVE-2022-46400
JSON object : View
Products Affected
microchip
- bm78_firmware
- is1870_firmware
- is1871
- pic_lightblue_explorer_demo_firmware
- pic_lightblue_explorer_demo
- is1871_firmware
- bm83
- bm70_firmware
- bm71_firmware
- is1870
- bm70
- rn4870_firmware
- rn4870
- rn4871_firmware
- bm83_firmware
- rn4871
- bm71
- bm78
CWE