1. Home
  2. CVE Database
  3. CVE-2022-46401
MEDIUM · 5.4

CVE-2022-46401

The Microchip RN4870 module firmware 1.43 (and the Microchip PIC LightBlue Explorer Demo 4.2 DT100112) accepts PauseEncReqPlainText before pairing is complete.

Vulnerability Description

The Microchip RN4870 module firmware 1.43 (and the Microchip PIC LightBlue Explorer Demo 4.2 DT100112) accepts PauseEncReqPlainText before pairing is complete.

CVSS Score

5.4

MEDIUM

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
NONE
Integrity
LOW
Availability
LOW

Affected Products

VendorProductVersions
MicrochipBm78 Firmware1.43
MicrochipBm78-
MicrochipBm83 Firmware1.43
MicrochipBm83-
MicrochipRn4870 Firmware1.43
MicrochipRn4870-
MicrochipRn4871 Firmware1.43
MicrochipRn4871-
MicrochipBm70 Firmware1.43
MicrochipBm70-
MicrochipBm71 Firmware1.43
MicrochipBm71-
MicrochipPic Lightblue Explorer Demo Firmware4.2_dt100112
MicrochipPic Lightblue Explorer Demo-
MicrochipPic32Cx1012Bz25048 Firmware-
MicrochipPic32Cx1012Bz25048-
MicrochipWbz451 Firmware-
MicrochipWbz451-
MicrochipRn4678 Firmware1.43
MicrochipRn4678-

Related Weaknesses (CWE)

CWE-20

References

FAQ

What is CVE-2022-46401?

CVE-2022-46401 is a vulnerability with a CVSS score of 5.4 (MEDIUM). The Microchip RN4870 module firmware 1.43 (and the Microchip PIC LightBlue Explorer Demo 4.2 DT100112) accepts PauseEncReqPlainText before pairing is complete.

How severe is CVE-2022-46401?

CVE-2022-46401 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-46401?

Check the references section above for vendor advisories and patch information. Affected products include: Microchip Bm78 Firmware, Microchip Bm78, Microchip Bm83 Firmware, Microchip Bm83, Microchip Rn4870 Firmware.