Unprivileged App Broadcast Vulnerability: Local Information Disclosure in AccessPointPreference.java

CVE-2023-21230 · MEDIUM Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

In onAccessPointChanged of AccessPointPreference.java, there is a possible way for unprivileged apps to receive a broadcast about WiFi access point change and its BSSID or SSID due to a precondition check failure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
