5.4
CVE-2022-46401
- EPSS 0.07%
- Published 19.12.2022 23:15:11
- Last modified 17.04.2025 15:15:51
- Source cve@mitre.org
- Teams watchlist Login
- Open Login
The Microchip RN4870 module firmware 1.43 (and the Microchip PIC LightBlue Explorer Demo 4.2 DT100112) accepts PauseEncReqPlainText before pairing is complete.
Data is provided by the National Vulnerability Database (NVD)
Microchip ≫ Bm78 Firmware Version1.43
Microchip ≫ Bm83 Firmware Version1.43
Microchip ≫ Rn4870 Firmware Version1.43
Microchip ≫ Rn4871 Firmware Version1.43
Microchip ≫ Bm70 Firmware Version1.43
Microchip ≫ Bm71 Firmware Version1.43
Microchip ≫ Pic Lightblue Explorer Demo Firmware Version4.2_dt100112
Microchip ≫ Pic32cx1012bz25048 Firmware Version-
Microchip ≫ Wbz451 Firmware Version-
Microchip ≫ Rn4678 Firmware Version1.43
Microchip ≫ Bm77 Firmware Version1.43
Microchip ≫ Bm64 Firmware Version1.43
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.07% | 0.211 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 5.4 | 2.8 | 2.5 |
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 5.4 | 2.8 | 2.5 |
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.