CVE-2022-45190

MEDIUM

Microchip RN4870 1.43 - Missing Authentication for Critical Function via BLE Legacy Pairing

Title source: llm

Description

An issue was discovered on Microchip RN4870 1.43 devices. An attacker within BLE radio range can bypass passkey entry in the legacy pairing of the device.

References (1)

Core 1

Core References

Technical Description, Third Party Advisory

https://blediff.github.io/

Scores

CVSS v3 5.3

EPSS 0.0026

EPSS Percentile 16.9%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-306

Status published

Products (1)

microchip/rn4870_firmware 1.43

Published Feb 08, 2023

Tracked Since Feb 18, 2026