CVE-2018-9489Sensitive Information Exposure in INC Android

CWE-200Sensitive Information Exposure3 documents3 sources
Severity
7.5HIGHNVD
EPSS
0.4%
top 40.16%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Google INC AndroidGoogle Android
Timeline
PublishedNov 6
Latest updateMay 14

Description

When wifi is switched, function sendNetworkStateChangeBroadcast of WifiStateMachine.java broadcasts an intent including detailed wifi network information. This could lead to information disclosure with no execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-77286245.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

NVDgoogle/android6 versions+5
CVEListV5google_inc/androidAndroid-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0

🔴Vulnerability Details

2
GHSA
GHSA-82jx-f3w3-hw7f: When wifi is switched, function sendNetworkStateChangeBroadcast of WifiStateMachine2022-05-14
CVEList
CVE-2018-9489: When wifi is switched, function sendNetworkStateChangeBroadcast of WifiStateMachine2018-11-06
CVE-2018-9489 — Sensitive Information Exposure | cvebase