Vulnetix
Try Vulnetix Request Demo
ASB-A-159373687 PUBLISHED CVSS 7 HIGH

In sendConfiguredNetworkChangedBroadcast of WifiConfigManager.java, there is a possible leak of sensitive WiFi configuration data due to a missing permission check. This could lead to local information disclosure of WiFi network names with no additional execution privileges needed. User interaction is not needed for exploitation.

Risk Scores

CVSS v4.0
7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Products

VendorProductVersions
platformframeworks/opt/net/wifi10, 8.1, 9
platformpackages/apps/Settings10, *, 9
platformframeworks/base8.0, 8.0, 8.1:0
platformpackages/apps/Car/Settings10, *, 9
platformpackages/services/Car8.0:0, 8.0, 8.1:0

Timeline

References

Open in Interactive Console →