Vulnerabilities > CVE-2022-46401 - Unspecified vulnerability in Microchip products
Attack vector
ADJACENT_NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
LOW Availability impact
LOW low complexity
microchip
Summary
The Microchip RN4870 module firmware 1.43 (and the Microchip PIC LightBlue Explorer Demo 4.2 DT100112) accepts PauseEncReqPlainText before pairing is complete.
Vulnerable Configurations
References
- https://microchip.com
- https://microchip.com
- https://www.computer.org/csdl/proceedings/sp/2023/1He7WWuJExG
- https://www.computer.org/csdl/proceedings/sp/2023/1He7WWuJExG
- https://www.computer.org/csdl/proceedings-article/sp/2023/933600a521/1He7Yja1AYM
- https://www.computer.org/csdl/proceedings-article/sp/2023/933600a521/1He7Yja1AYM
- https://www.microchip.com/en-us/products/wireless-connectivity/software-vulnerability-response/deviating-behaviors-in-bluetooth-le
- https://www.microchip.com/en-us/products/wireless-connectivity/software-vulnerability-response/deviating-behaviors-in-bluetooth-le