CVE-2022-46400 - Vulnerability Details

The Microchip RN4870 module firmware 1.43 (and the Microchip PIC LightBlue Explorer Demo 4.2 DT100112) allows attackers to bypass passkey entry in legacy pairing.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Microchip	Bm70 Bm70 Firmware Bm71 Bm71 Firmware Bm78 Bm78 Firmware Bm83 Bm83 Firmware Is1870 Is1870 Firmware Is1871 Is1871 Firmware Pic Lightblue Explorer Demo Pic Lightblue Explorer Demo Firmware Rn4870 Rn4870 Firmware Rn4871 Rn4871 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:microchip:bm78_firmware:1.43:*:*:*:*:*:*:*

cpe:2.3:h:microchip:bm78:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:microchip:bm83_firmware:1.43:*:*:*:*:*:*:*

cpe:2.3:h:microchip:bm83:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:microchip:rn4870_firmware:1.43:*:*:*:*:*:*:*

cpe:2.3:h:microchip:rn4870:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:microchip:rn4871_firmware:1.43:*:*:*:*:*:*:*

cpe:2.3:h:microchip:rn4871:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:microchip:bm70_firmware:1.43:*:*:*:*:*:*:*

cpe:2.3:h:microchip:bm70:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:microchip:bm71_firmware:1.43:*:*:*:*:*:*:*

cpe:2.3:h:microchip:bm71:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:microchip:pic_lightblue_explorer_demo_firmware:4.2_dt100112:*:*:*:*:*:*:*

cpe:2.3:h:microchip:pic_lightblue_explorer_demo:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:microchip:is1870_firmware:1.43:*:*:*:*:*:*:*

cpe:2.3:h:microchip:is1870:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:microchip:is1871_firmware:1.43:*:*:*:*:*:*:*

cpe:2.3:h:microchip:is1871:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://microchip.com
https://www.computer.org/csdl/proceedings-article/sp/2023/933600a521/1He7Yja1AYM
https://www.computer.org/csdl/proceedings/sp/2023/1He7WWuJExG
https://www.microchip.com/en-us/products/wireless-connectivity/software-vulnerability-response/deviating-behaviors-in-bluetooth-le

History

Thu, 17 Apr 2025 15:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-287
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2022-12-19T00:00:00.000Z

Updated: 2025-04-17T14:30:49.785Z

Reserved: 2022-12-04T00:00:00.000Z

Link: CVE-2022-46400

Vulnrichment

Updated: 2024-08-03T14:31:46.342Z

NVD

Status : Modified

Published: 2022-12-19T23:15:10.960

Modified: 2025-04-17T15:15:51.150

Link: CVE-2022-46400

Redhat

No data.

Metrics

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact Low

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object