VDB
ASB-A-159373687
ASB-A-159373687
PUBLISHED
CVSS 7 HIGH
In sendConfiguredNetworkChangedBroadcast of WifiConfigManager.java, there is a possible leak of sensitive WiFi configuration data due to a missing permission check. This could lead to local information disclosure of WiFi network names with no additional execution privileges needed. User interaction is not needed for exploitation.
Risk Scores
CVSS 4.0
7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| platform | frameworks/opt/net/wifi | 8.1, 10, * |
| platform | packages/apps/Settings | 8.0:0, 10, * |
| platform | frameworks/base | 10, 8.0:0, 8.0 |
| platform | packages/apps/Car/Settings | 8.0:0, 10, * |
| platform | packages/services/Car | 8.0:0, 10, * |
Timeline
- Dec 1, 2020 CVE Published
- May 15, 2026 CVE Updated
References
- https://source.android.com/security/bulletin/2020-12-01 advisory
- https://android.googlesource.com/platform/frameworks/opt/net/wifi/+/db04b29f0f6a96b19850fc17e23818855f800d61 patch
- https://android.googlesource.com/platform/frameworks/base/+/4bd54c477c89d11cfe2d84ff20098aed01cf5de9 patch
- https://android.googlesource.com/platform/packages/apps/Car/Settings/+/dd7bed0670fbdf03d9097f2ba35967544467c863 patch
- https://android.googlesource.com/platform/packages/apps/Settings/+/a9a7f65a10b7514a4070a93d419796498926b5b3 patch
- https://android.googlesource.com/platform/packages/services/Car/+/54cc1b21d5b1e75f8c1d92cac32beaa2cad6a88c patch