PUB-A-224772890 — Vulnetix

PUB-A-224772890 PUBLISHED

In onCreate of WifiDppConfiguratorActivity.java, there is a possible way for a guest user to add a WiFi configuration due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected Products

Vendor	Product	Versions
platform	packages/apps/Settings	13:0, 13:0, 13

Timeline

Dec 1, 2022 CVE Published
May 15, 2026 CVE Updated

References

https://source.android.com/security/bulletin/2022-12-01 advisory
https://android.googlesource.com/platform/packages/apps/Settings/+/a8ccc3456cce30fc9820463b8eadf3bc904a111b patch

Open in Interactive Console →