The Microchip RN4870 module firmware 1.43 (and the Microchip PIC LightBlue Explorer Demo 4.2 DT100112) accepts PauseEncReqPlainText before pairing is complete.
References
Link | Resource |
---|---|
https://microchip.com | Product |
https://www.computer.org/csdl/proceedings-article/sp/2023/933600a521/1He7Yja1AYM | Exploit Technical Description Third Party Advisory |
https://www.computer.org/csdl/proceedings/sp/2023/1He7WWuJExG | Third Party Advisory |
https://www.microchip.com/en-us/products/wireless-connectivity/software-vulnerability-response/deviating-behaviors-in-bluetooth-le | Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
AND |
|
Configuration 8 (hide)
AND |
|
Configuration 9 (hide)
AND |
|
Configuration 10 (hide)
AND |
|
Configuration 11 (hide)
AND |
|
Configuration 12 (hide)
AND |
|
History
27 Dec 2022, 20:01
Type | Values Removed | Values Added |
---|---|---|
First Time |
Microchip pic32cx1012bz25048 Firmware
Microchip bm71 Microchip rn4870 Microchip bm77 Firmware Microchip bm83 Firmware Microchip pic Lightblue Explorer Demo Microchip bm70 Microchip bm77 Microchip wbz451 Firmware Microchip bm83 Microchip bm64 Microchip bm70 Firmware Microchip rn4870 Firmware Microchip rn4678 Firmware Microchip rn4871 Firmware Microchip pic Lightblue Explorer Demo Firmware Microchip bm64 Firmware Microchip pic32cx1012bz25048 Microchip bm78 Firmware Microchip bm71 Firmware Microchip bm78 Microchip wbz451 Microchip rn4678 Microchip rn4871 Microchip |
|
CPE | cpe:2.3:h:microchip:rn4871:-:*:*:*:*:*:*:* cpe:2.3:o:microchip:bm77_firmware:1.43:*:*:*:*:*:*:* cpe:2.3:o:microchip:bm71_firmware:1.43:*:*:*:*:*:*:* cpe:2.3:h:microchip:wbz451:-:*:*:*:*:*:*:* cpe:2.3:h:microchip:rn4678:-:*:*:*:*:*:*:* cpe:2.3:h:microchip:rn4870:-:*:*:*:*:*:*:* cpe:2.3:o:microchip:bm78_firmware:1.43:*:*:*:*:*:*:* cpe:2.3:h:microchip:bm78:-:*:*:*:*:*:*:* cpe:2.3:o:microchip:rn4870_firmware:1.43:*:*:*:*:*:*:* cpe:2.3:h:microchip:pic_lightblue_explorer_demo:-:*:*:*:*:*:*:* cpe:2.3:h:microchip:bm70:-:*:*:*:*:*:*:* cpe:2.3:h:microchip:bm71:-:*:*:*:*:*:*:* cpe:2.3:h:microchip:bm64:-:*:*:*:*:*:*:* cpe:2.3:o:microchip:bm64_firmware:1.43:*:*:*:*:*:*:* cpe:2.3:o:microchip:bm70_firmware:1.43:*:*:*:*:*:*:* cpe:2.3:h:microchip:pic32cx1012bz25048:-:*:*:*:*:*:*:* cpe:2.3:h:microchip:bm77:-:*:*:*:*:*:*:* cpe:2.3:o:microchip:rn4871_firmware:1.43:*:*:*:*:*:*:* cpe:2.3:o:microchip:bm83_firmware:1.43:*:*:*:*:*:*:* cpe:2.3:o:microchip:pic_lightblue_explorer_demo_firmware:4.2_dt100112:*:*:*:*:*:*:* cpe:2.3:o:microchip:wbz451_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:microchip:bm83:-:*:*:*:*:*:*:* cpe:2.3:o:microchip:pic32cx1012bz25048_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:microchip:rn4678_firmware:1.43:*:*:*:*:*:*:* |
|
CWE | NVD-CWE-noinfo | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.4 |
References | (CONFIRM) https://www.microchip.com/en-us/products/wireless-connectivity/software-vulnerability-response/deviating-behaviors-in-bluetooth-le - Vendor Advisory | |
References | (MISC) https://www.computer.org/csdl/proceedings/sp/2023/1He7WWuJExG - Third Party Advisory | |
References | (MISC) https://microchip.com - Product | |
References | (MISC) https://www.computer.org/csdl/proceedings-article/sp/2023/933600a521/1He7Yja1AYM - Exploit, Technical Description, Third Party Advisory |
19 Dec 2022, 23:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-12-19 23:15
Updated : 2023-12-10 14:48
NVD link : CVE-2022-46401
Mitre link : CVE-2022-46401
CVE.ORG link : CVE-2022-46401
JSON object : View
Products Affected
microchip
- bm71_firmware
- pic32cx1012bz25048
- rn4870_firmware
- bm70
- pic_lightblue_explorer_demo
- pic32cx1012bz25048_firmware
- rn4871
- bm71
- bm83
- bm78_firmware
- wbz451
- rn4871_firmware
- rn4870
- wbz451_firmware
- bm77_firmware
- pic_lightblue_explorer_demo_firmware
- bm77
- bm83_firmware
- bm64
- rn4678_firmware
- rn4678
- bm78
- bm64_firmware
- bm70_firmware
CWE